1. 8

  2. [Comment removed by author]

    1. 4

      The most common method on W^X systems will be ROP. Still, you would be amazed how many programs violate W^X by requiring write/execute pages (hello anything using WebKit, JavaScript or generally a JIT compiler).

      Regardless, writing shellcode, smashing the stack, etc. is still a valuable thing to learn. That's the history of exploitation and a basic building block for gaining knowledge in the field. Learn to walk before trying to run.

      1. 1

        Still, you would be amazed how many programs violate W^X by requiring write/execute pages (hello anything using WebKit, JavaScript or generally a JIT compiler).

        I thought most of the popular JITs set the page of interest to W, write code to it, and then flip to X before jumping back in. For example: http://jandemooij.nl/blog/2015/12/29/wx-jit-code-enabled-in-firefox/

        1. 2

          That's only the most recent versions of Firefox. No version of Chrome/V8/Node does that. Nor do Thunderbird or XULRunner or other apps built from any even slightly older Mozilla core.
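The RW-then-RX flip described in the thread above, written out as an added example (not code from any commenter, Firefox, or any other project): a page is mapped read/write, constructed machine code that just returns 42 is copied in, and only then is the page switched to read/execute with mprotect, so write and execute are never held at the same time. Assumes Linux on x86-64 or AArch64; wx_jit_demo is a hypothetical name chosen here.

```c
#define _DEFAULT_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

typedef int (*jit_fn)(void);

/* Constructed machine code: return the constant 42 and nothing else. */
#if defined(__x86_64__)
static const uint8_t kCode[] = { 0xb8, 0x2a, 0x00, 0x00, 0x00,   /* mov eax, 42 */
                                 0xc3 };                         /* ret         */
#elif defined(__aarch64__)
static const uint8_t kCode[] = { 0x40, 0x05, 0x80, 0x52,         /* mov w0, #42 */
                                 0xc0, 0x03, 0x5f, 0xd6 };       /* ret         */
#else
#define NO_JIT_CODE 1
#endif

/* W^X-respecting emit: RW first, then RX, never both.
 * Returns 42 from the emitted code, or -1 on failure / unsupported arch. */
int wx_jit_demo(void)
{
#ifdef NO_JIT_CODE
    return -1;
#else
    size_t pagesz = (size_t)sysconf(_SC_PAGESIZE);
    /* Step 1: writable mapping only; PROT_EXEC is deliberately absent. */
    void *page = mmap(NULL, pagesz, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -1;
    memcpy(page, kCode, sizeof kCode);
    /* Step 2: drop W, add X. A kernel enforcing strict W^X allows this
     * because write and execute were never requested together. */
    if (mprotect(page, pagesz, PROT_READ | PROT_EXEC) != 0) {
        munmap(page, pagesz);
        return -1;
    }
    __builtin___clear_cache((char *)page, (char *)page + sizeof kCode);
    jit_fn fn;
    memcpy(&fn, &page, sizeof fn);   /* avoid the object/function pointer cast */
    int result = fn();
    munmap(page, pagesz);
    return result;
#endif
}

int main(void)
{
    printf("emitted code returned %d\n", wx_jit_demo());
    return 0;
}
```

A program that instead asks for PROT_READ | PROT_WRITE | PROT_EXEC in one call is exactly the W^X violation the thread complains about, and a kernel or sandbox policy that denies such mappings would make the mprotect step here fail with -1 rather than silently granting RWX.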