Bypassing ASLR/NX with GOT Overwrite - finding system offset
Opened this issue · 1 comments
AndyCyberSec commented
Please clarify how you find the system offset.
This is not clear:
./dump local-03ffe08ba6d5e7f5b1d647f6a14e6837938e3bed | grep system
What is it?
Then the guide will be perfect :)
sanmiguella commented
You can use objdump too, but...
objdump -d /lib/i386-linux-gnu/libc-2.23.so | grep "<__libc_system@@GLIBC_PRIVATE>" -> command
0003ada0 <__libc_system@@GLIBC_PRIVATE> -> 0x0003ada0
identify and dump are there to make your life easier:
vagrant@ubuntu-xenial:~/libc-database$ ./identify /lib/i386-linux-gnu/libc-2.23.so
id local-568c528bd0d4ab9279ab140a11c9b138487e41ee
vagrant@ubuntu-xenial:~/libc-database$ ./dump local-568c528bd0d4ab9279ab140a11c9b138487e41ee | grep system
offset_system = 0x0003ada0
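The two lookups in the reply produce the same number in two different text formats: the objdump label line (`0003ada0 <__libc_system@@GLIBC_PRIVATE>`) and the libc-database dump line (`offset_system = 0x0003ada0`). The script below is an added example, not code from the thread or from the libc-database project; it parses both formats from constructed sample text, skips objdump instruction lines that merely reference the symbol, and cross-checks that the two sources agree before the offset is trusted. The sample lines and the extra `puts` values are made up for illustration and do not describe any particular libc build.

```python
import re

# Constructed sample of `objdump -d libc.so | grep system` output.
# Includes a label line (what we want) and an instruction line that only
# references the symbol (what must be ignored). Byte values are invented.
OBJDUMP_SAMPLE = """\
Disassembly of section .text:
0003ada0 <__libc_system@@GLIBC_PRIVATE>:
   3adc8:\te8 d3 ff ff ff       \tcall   3ada0 <__libc_system@@GLIBC_PRIVATE>
"""

# Constructed sample of `./dump <id> | grep system` output from libc-database.
DUMP_SAMPLE = """\
offset_system = 0x0003ada0
"""

# Label line: hex offset, whitespace, <symbol>, optional trailing colon.
OBJDUMP_LABEL_RE = re.compile(r"^([0-9a-fA-F]+)\s+<([^>]+)>:?\s*$")
# libc-database dump line: offset_<name> = 0x<hex>
DUMP_LINE_RE = re.compile(r"^offset_(\w+)\s*=\s*(0x[0-9a-fA-F]+)\s*$")


def parse_objdump_symbols(text):
    """Return {symbol: offset} from the label lines of `objdump -d` output.

    Instruction lines look like `3adc8:<tab>e8 ...`; the colon directly after
    the address means they never match the label regex, so a `grep system`
    hit inside a call instruction does not get mistaken for the symbol itself.
    """
    symbols = {}
    for line in text.splitlines():
        m = OBJDUMP_LABEL_RE.match(line.strip())
        if m:
            symbols[m.group(2)] = int(m.group(1), 16)
    return symbols


def parse_libc_database_dump(text):
    """Return {name: offset} from libc-database `dump` output."""
    offsets = {}
    for line in text.splitlines():
        m = DUMP_LINE_RE.match(line.strip())
        if m:
            offsets[m.group(1)] = int(m.group(2), 16)
    return offsets


def strip_version(symbol):
    """'__libc_system@@GLIBC_PRIVATE' -> '__libc_system' (drop the version tag)."""
    return symbol.split("@", 1)[0]


def find_system_offset(objdump_text):
    """Offset of system() inside libc, or None if no label line was found.

    glibc exports `system` as an alias of `__libc_system`, so either name
    identifies the same function entry.
    """
    for name, offset in parse_objdump_symbols(objdump_text).items():
        if strip_version(name) in ("system", "__libc_system"):
            return offset
    return None


def offsets_agree(objdump_text, dump_text):
    """True only if objdump and libc-database report the same system offset.

    A mismatch usually means the libc-database id does not correspond to the
    libc file that was disassembled (wrong build or wrong architecture).
    """
    from_objdump = find_system_offset(objdump_text)
    from_dump = parse_libc_database_dump(dump_text).get("system")
    return from_objdump is not None and from_objdump == from_dump


if __name__ == "__main__":
    print(hex(find_system_offset(OBJDUMP_SAMPLE)))          # 0x3ada0
    print(offsets_agree(OBJDUMP_SAMPLE, DUMP_SAMPLE))        # True
```

To run it against a real libc, replace the two constructed samples with the captured output of the objdump and dump commands shown in the reply; the cross-check is the part worth keeping, since an offset taken from a libc-database entry that does not match the target's actual libc file is the usual reason this step silently goes wrong.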