Some questions I did.
- abs() bypass in C
- ROP
- full protection
- index out-of-bound
- file stream overwrite
- buffer overflow without leak
- ROP to orw
- windows
- ROP to orw
- use after free
- heap overlap
- GOT hijacking
- length limit: 0x100
- filtered characters: \x00, \x05, \x0F
  - no syscall (\x0F\x05)
- classic buffer overflow
- backdoor function provided
- amd64 shellcode
- seccomp: syscall limited to open, read, write
- amd64 shellcode
- GOT hijacking
- NX
- GOT hijacking
- ret2libc
- classic ROP
- buffer overflow
- NX, no canary
- buffer overflow
- NX, no PIE
- buffer overflow
- bypass ASLR
- ret2csu
- full protection
- libc-2.23
- classic use after free
- libc-2.23
- full protection
- no overflow
- fast bin attack / double free
- one gadget
- libc-2.23
- off-by-one null byte
- double free
- heap overlap
- libc-2.27
- Tcache: easier fast bin attack
- linux x86 shellcode