ropfu
What's ROP? Can you exploit the following program to get the flag? Download source.
nc saturn.picoctf.net 56380This challenge is identical to PicoCTF 2019's rop32. We automate the solution (the linked writeup doesn't). This writeup for PicoCTF 2019's rop32 explains the exploit in more detail.
The actual exploit ROP chain was obtained using ROPgadget by running
ROPgadget --binary ./vuln --rop --badbytes "0a".picoCTF{5n47ch_7h3_5h311_e81af635}