Okay, I’ve created the usual execve x64 ROP chain:
dup2(socket_fd, 0)
dup2(socket_fd, 1)
dup2(socket_fd, 2)
execve(“/bin//sh” pointer, null pointers…)
exit(0)
I can execute commands, but I get no stdout in return… Has anyone encountered this before, if so what was the issue? Any feedback is appreciated.
What file descriptor are you using, and I’ve had the same problem before. btw you dont need execve, you can use system() call as well =)
I’m using 4 for the socket_fd… I’m using gadgets from a binary (non libc), so I am somewhat restricted. I have syscall and am able to put what I need to in the right registers. How did you solve your issue??