Shell Four ORW — Open-Read-Write Shellcode with Seccomp

Write open-read-write shellcode to exfiltrate /flag.txt when execve is blocked by a seccomp filter.

January 1, 2025 · 3 min · giordii

Split — ret2win with ROP pop rdi Gadget

Classic x86-64 ret2win: overflow the return address, use a pop rdi gadget to pass the /bin/cat flag.txt string as the argument, then jump to system.

January 1, 2025 · 3 min · giordii