# MISC - Tricks

# Checking program/binary protections
checksec --file ./binary

# Getting more information about an ELF
readelf -a ./binary

# Getting the address of system()
# Can be as simple as
objdump -D ./binary | grep system

# Getting a known string ("GNU" for example)
# Look for it in the section dump
objdump -s ./binary

# Getting the padding using pwntools
>> from pwn import *
# Generate a pattern
>> cyclic(400)
# Find the offset at which the SIGSEGV happens
>> cyclic_find('<RSPoffset>')
>> cyclic_find('yaac')

# You can list gadgets using ROPgadget.py
# And then look for the one you want
./ROPgadget.py --binary ./binary