Days after the Corelan shared their generic/universal ROP chain, i decided to give it a try and see if i can build my own.
The trip inside the dll was very funny & instructive; i had the opportunity to meet many gadgets ;-)
The trip inside the dll was very funny & instructive; i had the opportunity to meet many gadgets ;-)
A commercial ROP chain from White Phosphorus can be found here : http://www.whitephosphorus.org/sayonara.txt
In order to use it, you have to be able to load msvcr71.dll.
The ROP chain size(22 dwords) is the same as the commercial one.
It works on XP, Windows 7.(I didn't test on Vista, 2003 & 2008 Server).
The chain is null byte free.
The chain works without any particular setup in terms of preparing registers.
Feel free to use the chain in your exploits and don’t forget to credit me ;-)
0 comments:
Post a Comment