itsMe Posted April 1, 2023

An automatic Blind ROP exploitation Python tool

Abstract

BROP (Blind ROP) is a technique published by Andrew Bittau of Stanford in 2014 (original paper and slides).

Most servers (nginx, Apache, MySQL, ...) fork and then let the child process handle the client. Every child therefore inherits the same stack canary and the same address layout, even when ASLR and PIE are enabled, because randomization happens once in the parent and not again per fork. An educated brute force against the children can thus leak this information one piece at a time, and the leaked values can then be used to craft a working exploit.

Flow of exploitation

1. Find the buffer overflow offset
2. Find the canary
3. Find the saved registers (RBP / RIP)
4. Find stop gadgets
5. Find BROP gadgets
6. Find a write function (write / dprintf / puts / ...)
7. Leak the binary
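Because every forked worker shares one canary and one layout, the educated brute force described above leaves a characteristic footprint on the server: a burst of crashing child processes, each with a different pid, under a parent that keeps running. The following is an added example, not code from the tool or the post: a small Python detector that scans kernel segfault messages (constructed sample lines, assumed to be in journalctl "short-iso" style) and flags any process name whose children crashed repeatedly within a short window.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample kernel segfault messages (not real incident data), in the
# journalctl "short-iso" style: "<ISO timestamp> <host> kernel: <comm>[<pid>]: segfault ...".
SAMPLE_LOG = """\
2023-04-01T10:00:01+0000 web kernel: httpd[4101]: segfault at 0 ip 00000000004013a0 sp 00007ffd1c2e0b10 error 6 in httpd[400000+5000]
2023-04-01T10:00:01+0000 web kernel: httpd[4102]: segfault at 0 ip 00000000004013a0 sp 00007ffd1c2e0b10 error 6 in httpd[400000+5000]
2023-04-01T10:00:02+0000 web kernel: httpd[4103]: segfault at 0 ip 00000000004013a0 sp 00007ffd1c2e0b10 error 6 in httpd[400000+5000]
2023-04-01T10:00:02+0000 web kernel: httpd[4104]: segfault at 0 ip 00000000004013a0 sp 00007ffd1c2e0b10 error 6 in httpd[400000+5000]
2023-04-01T10:00:03+0000 web kernel: httpd[4105]: segfault at 0 ip 0000000000401000 sp 00007ffd1c2e0b10 error 6 in httpd[400000+5000]
2023-04-01T10:00:03+0000 web kernel: httpd[4106]: segfault at 0 ip 0000000000401000 sp 00007ffd1c2e0b10 error 6 in httpd[400000+5000]
2023-04-01T10:25:00+0000 web kernel: cron[900]: segfault at 0 ip 00007f1a2b3c4d50 sp 00007ffc0a0b0c10 error 4 in libc.so.6[7f1a2b2a0000+1c0000]
"""

SEGFAULT_RE = re.compile(
    r"^(?P<ts>\S+) \S+ kernel: (?P<comm>[^\[]+)\[(?P<pid>\d+)\]: segfault at \S+ "
    r"ip \S+ sp \S+ error \d+"
)

def parse_segfaults(log_text):
    """Yield (timestamp, comm, pid) for each kernel segfault line."""
    for line in log_text.splitlines():
        m = SEGFAULT_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S%z")
            yield ts, m["comm"], int(m["pid"])

def find_crash_bursts(log_text, window_seconds=60, threshold=5):
    """Return {comm: (max crashes in one window, distinct pids)} for every
    process name that crashed at least `threshold` times within any
    `window_seconds` span. Many distinct pids under one name is the signature
    of forked workers being probed while the parent survives."""
    by_comm = defaultdict(list)
    for ts, comm, pid in parse_segfaults(log_text):
        by_comm[comm].append((ts, pid))
    bursts = {}
    for comm, events in by_comm.items():
        events.sort()
        best, start = 0, 0
        for end in range(len(events)):  # sliding window over sorted crash times
            while (events[end][0] - events[start][0]).total_seconds() > window_seconds:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            bursts[comm] = (best, len({pid for _, pid in events}))
    return bursts
```

On a real host the input would come from `journalctl -k -o short-iso`; a single crash, like the cron line in the sample, stays below the threshold and is not reported.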