killchain-compendium/exploit/binaries/canary_bypass/canary_bypass.md

Canary Bypass

• Get canary value from stack via string format exploit as an offset

%42$p

• Use the found value to add it to the payload
• Afterwards, if the binary is PIE a pointer to the main or the elf which is stack aligned should be found