After spending a few days searching for and reading information about ROP (Return Oriented Programming), I decided to publish on the blog what I learned, shaped into a short case study in which ROP is used to exploit a stack overflow in a binary with a non-executable stack (NX) and stack randomization (ASLR) enabled on the system.
ROP (Return Oriented Programming)
This exploitation technique basically consists of searching the executable sections of the binary (which are not affected by ASLR, for example .text) for "gadgets", which are small pieces of code immediately followed by a RET. These gadgets are then chained into a sequence of instructions, so that each gadget returns into the next one (the address of the next gadget will be on the stack).
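The technique depends on two properties of the target: a non-executable stack (which rules out running injected code directly) and code mapped at fixed addresses despite ASLR (true only for non-PIE binaries). The following added example, which is not part of the original post, reads both properties from the ELF headers as a defender would when auditing a build; the names `check_mitigations` and `build_sample` are hypothetical and the sample bytes are constructed.

```python
import struct

PT_GNU_STACK = 0x6474E551  # program header that records stack permissions
PF_X = 0x1                 # "executable" segment flag
ET_EXEC, ET_DYN = 2, 3     # fixed-address executable vs. position-independent

def check_mitigations(elf: bytes) -> dict:
    """Report NX-stack and PIE status from raw ELF bytes (little-endian only)."""
    if elf[:4] != b"\x7fELF" or elf[5] != 1:
        raise ValueError("not a little-endian ELF file")
    is64 = elf[4] == 2
    # e_type, e_machine, e_version, e_entry, e_phoff, e_shoff, e_flags,
    # e_ehsize, e_phentsize, e_phnum (entry/offset widths depend on the class)
    fmt = "<HHIQQQIHHH" if is64 else "<HHIIIIIHHH"
    fields = struct.unpack_from(fmt, elf, 16)
    e_type, e_phoff, e_phentsize, e_phnum = fields[0], fields[4], fields[8], fields[9]
    flags_off = 4 if is64 else 24  # p_flags sits at a different offset per class
    nx = False  # assumption: no PT_GNU_STACK header is treated as executable stack
    for i in range(e_phnum):
        base = e_phoff + i * e_phentsize
        (p_type,) = struct.unpack_from("<I", elf, base)
        if p_type == PT_GNU_STACK:
            (p_flags,) = struct.unpack_from("<I", elf, base + flags_off)
            nx = not (p_flags & PF_X)
    # ET_DYN covers PIE executables (and shared objects); ET_EXEC code is not relocated
    return {"nx_stack": nx, "pie": e_type == ET_DYN}

def build_sample(is64: bool, e_type: int, stack_flags: int) -> bytes:
    """Constructed sample: an ELF header plus one PT_GNU_STACK program header."""
    ident = b"\x7fELF" + bytes([2 if is64 else 1, 1, 1]) + bytes(9)
    if is64:
        ehdr = struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
        phdr = struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16)
    else:
        ehdr = struct.pack("<HHIIIIIHHHHHH", e_type, 3, 1, 0, 52, 0, 0, 52, 32, 1, 0, 0, 0)
        phdr = struct.pack("<IIIIIIII", PT_GNU_STACK, 0, 0, 0, 0, 0, stack_flags, 16)
    return ident + ehdr + phdr

if __name__ == "__main__":
    # NX stack (flags RW = 6) but non-PIE: code addresses stay fixed under ASLR
    print(check_mitigations(build_sample(False, ET_EXEC, 6)))
```

A result of `nx_stack: True` with `pie: False` is the configuration the post describes; building the binary as PIE removes the fixed code addresses that the gadget search relies on.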
Vulnerable program
To test this technique, I have chosen level 10 of the Nuit Du Hack 2010 CTF, which is currently online and seems ideal for getting started with this topic.
Read more: http://danigargu.blogspot.com.es/2013/01/having-fun-with-rop-nxaslr-bypass-linux_18.html