Demonstrate the concept of ROP. Assume a non-executable stack. Use the code below and GDB debugger to find System function address (assume a 32-bit or 64-bit system) in libc. Find the address of /bin/sh (system shell) by using the same code and GDB debugger. Demonstrate how this information can be used to circumvent a non-executable stack and perform a ret2libc attack, an example of ROP.

#include #include #include int function1(int x, int y, int z) { int result_func1; result_func1 = x + y + z; return result_func1; } int function2(int x, int y, char* input_string) { int result_func2; char buffer[20]; strcpy(buffer, input_string); printf("Your input string %s is copied in the buffer ", input_string); result_func2 = x - y; return result_func2; } void function3(int result1, int result2) { printf("The result of function 1 is %d ", result1); printf("The result of function 2 is %d ", result2); } void function4(void) { printf("This function never gets called "); exit(-1); } int main(int argc, char* argv[]) { int result1; int result2; result1 = function1(5, 10, 15); result2 = function2(20, 8, argv[1]); function3(result1, result2); }