ROP (Return Oriented Programming)


Some simple tips for using ROP for exploit development.


Search for the “/bin/sh” string in libc's mapped memory from gdb, starting the search at the address of system. This assumes the binary is dynamically linked against libc, of course.

(gdb) print system
$2 = {<text variable, no debug info>} 0x7ffff7a91c70 <system>
(gdb) find 0x7ffff7a91c70, +999999999999, "/bin/sh"
(gdb) x /s 0x7ffff7b9dc23
0x7ffff7b9dc23: "/bin/sh"
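The gdb session above does two things by hand: find where the byte pattern occurs, then confirm with x /s that the hit really is a NUL-terminated C string and not the prefix of a longer one (such as "/bin/shutdown"). The following is an added example, not code from the post: it reproduces both steps over a small, constructed memory blob (not a real libc dump), and also computes the distance between system and the string using the two addresses from the gdb session, since under ASLR that offset is what stays stable between runs while the absolute addresses do not.

```python
"""Locate a NUL-terminated C string in a memory image and turn the hit
into addresses and offsets, mirroring the gdb `find` / `x /s` steps.
Added example; SAMPLE_MEMORY below is constructed, not a real libc image."""

from typing import List


def find_pattern(memory: bytes, base: int, needle: bytes) -> List[int]:
    """Every address where `needle` occurs. This is what gdb's `find`
    reports: no terminator check, so b"/bin/sh" also matches inside
    b"/bin/shutdown"."""
    hits = []
    start = 0
    while True:
        idx = memory.find(needle, start)
        if idx < 0:
            return hits
        hits.append(base + idx)
        start = idx + 1


def find_cstring(memory: bytes, base: int, s: bytes) -> List[int]:
    """Only the hits where the string is followed by a NUL byte, i.e. the
    check `x /s` does by hand in the gdb session."""
    result = []
    for addr in find_pattern(memory, base, s):
        end = addr - base + len(s)
        # Slicing never raises at the end of the buffer; it yields b"".
        if memory[end:end + 1] == b"\x00":
            result.append(addr)
    return result


def offset_from(anchor: int, target: int) -> int:
    """Distance from a known symbol (here system) to the string. The
    absolute addresses change per run under ASLR; this offset inside the
    same libc build does not."""
    return target - anchor


# Constructed sample memory (NOT a real libc image) at a made-up base.
SAMPLE_BASE = 0x7FFFF7B9DC00
SAMPLE_MEMORY = (
    b"\x00\x00"            # offsets 0-1
    + b"/bin/shutdown\x00"  # offsets 2-15: a false positive for a raw search
    + b"sh\x00"             # offsets 16-18
    + b"/bin/sh\x00"        # offsets 19-26: the properly terminated string
    + b"/bin/bash\x00"      # offsets 27-36
)

# Addresses taken from the gdb session in the post.
SYSTEM_ADDR = 0x7FFFF7A91C70
BINSH_ADDR = 0x7FFFF7B9DC23

if __name__ == "__main__":
    print("raw hits:", [hex(a) for a in find_pattern(SAMPLE_MEMORY, SAMPLE_BASE, b"/bin/sh")])
    print("C-string hits:", [hex(a) for a in find_cstring(SAMPLE_MEMORY, SAMPLE_BASE, b"/bin/sh")])
    print("system -> /bin/sh offset:", hex(offset_from(SYSTEM_ADDR, BINSH_ADDR)))
```

The raw search returns two hits and the terminator-checked search only one; on a real libc the same trap exists, which is why the x /s confirmation in the gdb session is worth keeping as a habit.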


My favorite ROP tutorial

ROP example

ROP example

ROP Utilities

ROP gadget finder

ROPeMe, very simple setup.


Visit one of my previous Protostar challenge write-ups where I demonstrate the use of ropeme.

Thank you
