Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2025-02-16 14:08:26 +00:00
Code Issues Projects Releases Packages Wiki Activity

Thread canary example

Browse source
This commit is contained in:
7Rocky 2024-04-07 12:29:45 +02:00
parent 654219573c
commit 3c938cce25
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/stack-canaries/bf-forked-stack-canaries.md
View file

@ -212,6 +212,10 @@ $tls = 0x7ffff7d7f640
... ...
``` ```
{% hint style="info" %}
Some of the above GDB functions are defined on an extension called [bata24/gef](https://github.com/bata24/gef), which has more features than the usual [hugsy/gef](https://github.com/hugsy/gef).
{% endhint %}
As a result, a large Buffer Overflow can allow to modify both the stack canary and the master canary in the TLS. This is the offset: As a result, a large Buffer Overflow can allow to modify both the stack canary and the master canary in the TLS. This is the offset:
```bash ```bash