This document discusses bypassing address space layout randomization (ASLR) protections to execute shellcode on the stack. It begins with an overview of stack-based buffer overflows and modern protections like non-executable stacks. It then describes using return-oriented programming (ROP) techniques like ret2libc to hijack control flow and call library functions like system() to spawn a shell. Specifically, it outlines overwriting a return address to call mprotect() to make the stack executable, then jumping to shellcode on the stack. The document provides example exploit code and steps to find needed addresses in memory.
05 - Bypassing DEP, or why ASLR matters
Bypassing DEP
Why ASLR matters
Alex Moneger
Security Engineer