Comment on page

ropfu

Challenge
What's ROP? Can you exploit the following program to get the flag? Download source. nc saturn.picoctf.net 56380
Solution
This challenge is identical to PicoCTF 2019's rop32. We automate the solution (the linked writeup doesn't). This writeup for PicoCTF 2019's rop32 explains the exploit in more detail.
The actual exploit ROP chain was obtained using ROPgadget by running ROPgadget --binary ./vuln --rop --badbytes "0a".
Flag
picoCTF{5n47ch_7h3_5h311_e81af635}

Binary Exploitation - Previous

function overwrite

Next - Binary Exploitation

stack cache

Last modified 1yr ago