On Tue, 26 Mar 2013 19:45:39 +0100 "Tóth Attila" <[email protected]> wrote:
> I meant: how to do ROP in python and how a compiled python script can be an
> objective of a ROP attack? If the attacker carefully studies the way how
> exactly the script becomes executable code in memory, it gains control on
> a mechanism to plant the necessary pre-designed snippets needed for the
> actual exploit.

ROP-based exploitation requires the attacker to have exact knowledge about the content and layout of the bytecode (which contains potential ROP gadgets) in memory, the ability to store arbitrary data at some known or appropriate location, and the ability to purposefully affect execution flow (in cases when the natural execution flow won't "execute" the payload eventually). With those requirements met, it should be much easier to store some raw bytecode (or source code, in case of pure interpreters) somewhere and then make it interpreted by the language runtime.
