Hi there,
I came across a topic as follows:
- No protection
  → Calculate the EIP and take control
- NX Stack
  → Libc → use system() and bash → make use of gdb-peda and set the break point
  → mprotect
- ASLR
  → Bruteforce
  → Calculate the offset → use the objdump something like that.
I'd appreciate it if someone could explain in depth.
I was also referred to these links:
You can try the SEED labs at
https://seedsecuritylabs.org/
Also, for GOT and PLT
I find it quite interesting but don’t quite understand the topic, and I hope someone will point or redirect me to better resources.