ropfu

Challenge

What's ROP? Can you exploit the following program to get the flag? Download source. nc saturn.picoctf.net 56380

Solution

This challenge is identical to PicoCTF 2019's rop32. We automate the solution (the linked writeup doesn't). This writeup for PicoCTF 2019's rop32 explains the exploit in more detail.
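The ROP chain used in the exploit was generated with ROPgadget by running ROPgadget --binary ./vuln --rop --badbytes "0a". The --badbytes "0a" option makes ROPgadget skip gadgets whose addresses contain the newline byte 0x0a.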

Flag

picoCTF{5n47ch_7h3_5h311_e81af635}