Solutions for ROP Emporium challenges (https://ropemporium.com/) in Python.

ROP Emporium contains 7 challenges (32-bit and 64-bit versions) of roughly increasing difficulty that teach the basics of return-oriented programming (ROP).

This repo contains Python scripts that either print the flag or drop you into a shell; pretty much all of the challenges can get you a shell if you really want one.
Useful commands for looking at a challenge binary:

- Functions and their addresses: `nm binary | grep ' t '` (lowercase `t` matches local symbols only; use `' T '` for global ones, or `' [tT] '` for both)
- Relocations, i.e. the GOT slots that imported functions are resolved through: `readelf --relocs binary`
- Disassemble the PLT stubs: `objdump -M intel -dj .plt binary`
- Strings in the binary: `strings binary`, or the much better alternative `rabin2 -z binary`
- Memory map (stack, libc, etc.): `vmmap` in PEDA after starting the program, otherwise the other modules aren't mapped yet.

Note: You probably want to use pwntools' ELF support (`ELF("binary").symbols`, `.plt`, `.got`, `.segments`) to get GOT/PLT/segment data and function addresses programmatically instead of copying them out by hand. It's easier to tell people than to use it myself.
If some solutions are unclear/confusing/total shit, go ahead and submit a PR.