# ropfu

## Challenge

What's ROP? Can you exploit the following [program](https://github.com/HHousen/PicoCTF-2022/blob/master/Binary%20Exploitation/ropfu/vuln/README.md) to get the flag? [Download source](https://github.com/HHousen/PicoCTF-2022/blob/master/Binary%20Exploitation/ropfu/vuln.c). `nc saturn.picoctf.net 56380`

## Solution

This challenge is identical to PicoCTF 2019's [rop32](https://github.com/HHousen/PicoCTF-2019/tree/master/Binary%20Exploitation/rop32). We automate the solution (the linked writeup doesn't). [This writeup for PicoCTF 2019's rop32](https://github.com/Dvd848/CTFs/blob/master/2019_picoCTF/rop32.md) explains the exploit in more detail.

The actual exploit ROP chain was obtained using [ROPgadget](https://github.com/JonathanSalwan/ROPgadget) by running `ROPgadget --binary ./vuln --rop --badbytes "0a"`.

### Flag

`picoCTF{5n47ch_7h3_5h311_e81af635}`