description: 10/07/2023

pwntools ROP Binary Exploitation

Introduction

Here, we will be learning how to use pwntools to aid in exploit development for Return-Oriented Programming (ROP) attacks against binaries.

Startup

Before building a ROP chain, we first need to establish exactly where and how the program crashes:

  • Where does the segfault occur?
  • What is the value of the instruction pointer (EIP/RIP) at the crash?
  • Did our input overwrite EIP/RIP, i.e. do we control the return address?

Techniques

Checking where the segfault occurred:

dmesg

The kernel logs every crash as a line such as `binary[1234]: segfault at 41414141 ip 0000000041414141 sp 00007ffd1b2c3d40 error 14 in binary[...]`, which answers all three startup questions at once: `ip` is the faulting EIP/RIP, and an `ip` of 0x41414141 means our A's landed in the saved return address (the `error` value is hex; 0x14 is a user-mode instruction fetch, i.e. the CPU tried to execute at `ip`). On x86-64 a fully clobbered RIP such as 0x4141414141414141 is a non-canonical address, so the kernel instead reports a general protection fault with `ip` still pointing at the `ret` instruction; confirm the overwrite there by inspecting the stack at `sp`, or by running the binary under gdb. If `dmesg` prints nothing, the system restricts it to root (`kernel.dmesg_restrict`), so run it with `sudo`.

If the program takes its input as a command-line argument:

./binary "$(python3 -c "import sys; sys.stdout.buffer.write(b'A'*100)")"

By changing the 100, we change the number of A's sent to the program as its argument, growing it step by step to find the length at which the buffer overflows. Note that argv cannot carry NUL bytes (the kernel rejects them), so this route only works for payloads without nulls.

We will know we are successful as soon as the shell reports "Segmentation fault" (with bash: "Segmentation fault (core dumped)", exit status 139). A run that is too short to reach the saved return address may overwrite only local variables and exit cleanly, so keep increasing the length until the crash appears.

If the program reads its input from stdin instead of an argument:

python3 -c "import sys; sys.stdout.buffer.write(b'A'*100)" | ./binary
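Piping also lets the payload contain bytes that argv cannot carry, such as NULs, though what the program keeps still depends on how it reads (`gets` stops at a newline, `strcpy` copies up to the first NUL).

The whole startup procedure above, as an added example that is not part of the original page: it automates growing the A-run with the stdlib `subprocess` (pwntools users can swap in `process()` and `cyclic()`), detects the crash from the exit status instead of eyeballing "Segmentation fault", and parses the dmesg segfault line to answer the three startup questions. The target path `./binary`, the `fuzz.py` file name and the dmesg line with its pid and addresses are constructed for illustration.

```python
import re
import signal
import subprocess
import sys
from typing import Callable, Optional

# Constructed sample of the x86 kernel segfault message as dmesg shows it.
# The process name, pid and addresses are made up; only the format is real.
SAMPLE_DMESG_LINE = (
    "[ 1234.567890] binary[4321]: segfault at 41414141 ip 0000000041414141 "
    "sp 00007ffd1b2c3d40 error 14 in binary[56555000+1000]"
)

# comm[pid]: segfault at <addr> ip <ip> sp <sp> error <hex flags>
SEGFAULT_RE = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+)"
)


def parse_segfault(line: str) -> Optional[dict]:
    """Extract process name, pid, faulting address, ip, sp and the page-fault
    error flags from one dmesg segfault line; None for any other line."""
    m = SEGFAULT_RE.search(line)
    if m is None:
        return None
    return {
        "comm": m.group("comm"),
        "pid": int(m.group("pid")),
        "addr": int(m.group("addr"), 16),
        "ip": int(m.group("ip"), 16),
        "sp": int(m.group("sp"), 16),
        # hex: bit 2 = user mode, bit 4 = instruction fetch (0x14 = both)
        "error": int(m.group("err"), 16),
    }


def ip_is_filler(ip: int, width: int = 4, filler: bytes = b"A") -> bool:
    """True when ip is exactly `width` copies of the filler byte, i.e. the
    saved return address was fully replaced by our padding (0x41414141 for a
    32-bit target). On x86-64 a fully clobbered RIP is non-canonical and the
    kernel reports a general protection fault at the `ret` instead, so there
    you check the stack at sp rather than relying on this test."""
    return ip == int.from_bytes(filler * width, "little")


def run_target(binary: str, payload: bytes, via_stdin: bool = False,
               timeout: float = 5.0) -> Optional[int]:
    """Run the target once with the payload as argv[1] (or on stdin) and
    return its status: subprocess reports death by signal as -signum.
    None means the target hung (e.g. it waits on stdin we never wrote)."""
    if not via_stdin and b"\x00" in payload:
        raise ValueError("argv cannot carry NUL bytes; feed the payload via stdin")
    argv = [binary] if via_stdin else [binary, payload]
    try:
        proc = subprocess.run(argv, input=payload if via_stdin else None,
                              stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
                              timeout=timeout)
    except subprocess.TimeoutExpired:
        return None
    return proc.returncode


def find_crash_length(run: Callable[[bytes], Optional[int]], start: int = 100,
                      step: int = 50, limit: int = 2000) -> Optional[int]:
    """Grow the run of A's until the target is killed by SIGSEGV (the same
    loop as editing the 100 by hand); returns the first crashing length,
    or None if nothing up to `limit` crashed."""
    for n in range(start, limit + 1, step):
        if run(b"A" * n) == -signal.SIGSEGV:
            return n
    return None


if __name__ == "__main__":
    # usage: python3 fuzz.py ./binary [--stdin]   (names are assumptions)
    target = sys.argv[1]
    use_stdin = "--stdin" in sys.argv[2:]
    length = find_crash_length(lambda p: run_target(target, p, use_stdin))
    print("first crashing length:", length)
    # Next: `sudo dmesg | tail -n 5` and pass the segfault line to parse_segfault()
    # to read ip/sp and check ip_is_filler(info["ip"]).
```

The crash detection relies on the exit status rather than the shell message: a process killed by SIGSEGV comes back from `subprocess.run` with `returncode == -11`, which is also what pwntools' `process.poll()` reports, so the same loop works with either runner.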