# Ret2libc
## Finding offsets
* On the target, find the offset of the `/bin/sh` string inside libc
```sh
strings -a -t x /lib32/libc.so.6 | grep /bin/sh
```
* Find the `system` address inside libc and take the difference between the two
```sh
readelf -s /lib32/libc.so.6 | grep system
```
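
The two lookups above combined into one script, as an added example that is not part of the original page. The function names and the sample tool output are constructed for illustration (the numeric values are made up); on a real system, pipe the output of the two commands above into the functions instead.

```shell
#!/bin/sh
# Constructed sample output of the two commands (values are made up).
SAMPLE_STRINGS=' 18b100 exec /bin/sh
 18c33c /bin/sh'
SAMPLE_READELF='   258: 00137810   106 FUNC    GLOBAL DEFAULT   16 svcerr_systemerr@@GLIBC_2.0
   662: 00045420    63 FUNC    GLOBAL DEFAULT   16 __libc_system@@GLIBC_PRIVATE
  1534: 00045420    63 FUNC    WEAK   DEFAULT   16 system@@GLIBC_2.0'

# `strings -t x` prints "<hex offset> <string>" with no 0x prefix.
# Keep only a string that is exactly "/bin/sh", not a longer one containing it.
binsh_offset() {
    awk 'NF == 2 && $2 == "/bin/sh" { print $1; exit }'
}

# `readelf -s` columns: Num Value Size Type Bind Vis Ndx Name.
# `grep system` also matches svcerr_systemerr and __libc_system, so compare
# the name with its @version suffix stripped.
system_offset() {
    awk '$4 == "FUNC" { n = $8; sub(/@.*/, "", n)
                        if (n == "system") { print $2; exit } }'
}

# $1 = strings output, $2 = readelf output. Prints the hex distance from
# `system` to "/bin/sh". Both inputs are relative to the library itself,
# not absolute addresses in a running process.
offset_distance() {
    b=$(printf '%s\n' "$1" | binsh_offset)
    s=$(printf '%s\n' "$2" | system_offset)
    [ -n "$b" ] && [ -n "$s" ] || return 1   # one of the lookups found nothing
    printf '%x\n' $(( 0x$b - 0x$s ))
}

offset_distance "$SAMPLE_STRINGS" "$SAMPLE_READELF"
```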