killchain-compendium/Exploits/Binaries/Canary Bypass.md

Canary Bypass

• Get canary value from stack via string format exploit as an offset

%42$p

• Use the found value to add it to the payload
• Afterwards, if the binary is PIE a pointer to the main or the elf which is stack aligned should be found