Picture yourself as a digital maestro, orchestrating a symphony of code in a vast digital realm.
However, there’s a twist: you don’t get to pen down your own notes.
Instead, you're given a legacy of existing code snippets, scattered across the system.
This is the essence of Return Oriented Programming (ROP) exploits! Using nothing but the remnants of the system’s own code, you craft a cunning composition that dances to your own tune, bypassing modern security measures with elegance and stealth.
Each snippet is like a musical phrase, ending in a "return" instruction, whisking you off to the next snippet in your clandestine concerto.
With each leap and bound, you weave a nefarious narrative, circumventing security checks and executing unauthorized actions, all while under the unsuspecting nose of the system’s defenses.
ROP is not just a hack; it’s a masterpiece of unauthorized orchestration, a ballet of borrowed instructions, choreographed with precision to achieve your clandestine objectives.
With ROP, you step into a realm where every byte is a beat, and every return is a rhythm, embarking on an exhilarating journey of exploitation and discovery.
Return Oriented Programming Resources
Calling Functions
Overwrite a return address to trigger a win function!
Connect with SSH
Link your SSH key, then connect with: ssh hacker@dojo.pwn.college
Overwrite a return address to trigger a win function!
Use ROP to trigger a two-stage win function!
Use ROP to trigger a two-stage win function!
Use ROP to trigger a multi-stage win function!
Use ROP to trigger a multi-stage win function!
Chaining Gadgets
Leverage a stack leak while crafting a ROP chain to obtain the flag!
Leverage a stack leak while crafting a ROP chain to obtain the flag!
Craft a ROP chain to obtain the flag, now with no stack leak!
Craft a ROP chain to obtain the flag, now with no stack leak!
Craft a ROP chain to obtain the flag, now with no syscall gadget!
Craft a ROP chain to obtain the flag, now with no syscall gadget!
Leveraging Libc
Utilize a libc leak to ROP with libc!
Utilize a libc leak to ROP with libc!
ROP with libc, no free leak this time!
ROP with libc, no free leak this time!
Stack Pivoting Class Streams
Follow along with a live class with the same demo as the instructor!
This challenge is optional; it will not count towards dojo completion.
Stack Pivoting Challenges
Perform a stack pivot to gain control flow!
Perform a stack pivot to gain control flow!
Perform a partial overwrite to call the win function.
Perform a partial overwrite to call the win function.
Apply stack pivoting to call the win function.
Apply stack pivoting to call the win function.
Creatively apply stack pivoting to call the win function.
Creatively apply stack pivoting to call the win function.
Exploitation
Perform ROP when the function has a canary!
Perform ROP when the function has a canary!
Perform ROP against a network forkserver!
Perform ROP against a network forkserver!
Perform ROP when the stack frame returns to libc!
Perform ROP when the stack frame returns to libc!