PicoCTF-2022 Writeup
  • README
  • Binary Exploitation
    • buffer overflow 1
    • buffer overflow 2
    • buffer overflow 3
    • flag leak
    • function overwrite
    • ropfu
    • stack cache
    • x-sixty-what
  • Cryptography
    • basic-mod1
    • basic-mod2
    • diffie-hellman
    • morse-code
    • NSA Backdoor
    • Sequences
    • substitution
    • Sum-O-Primes
    • Very Smooth
  • Forensics
    • Operation Oni
    • Operation Orchid
    • SideChannel
    • St3g0
    • Torrent Analyze
  • Reverse Engineering
    • Bbbbloat
    • Keygenme
    • unpackme
    • Wizardlike
  • Web Exploitation
    • Forbidden Paths
    • noted
    • Roboto Sans
    • SQLiLite
Powered by GitBook
On this page
  • Challenge
  • Solution
  • Flag

Was this helpful?

Edit on GitHub
  1. Binary Exploitation

ropfu

Challenge

What's ROP? Can you exploit the following program to get the flag? Download source. nc saturn.picoctf.net 56380

Solution

This challenge is identical to PicoCTF 2019's rop32. We automate the solution (the linked writeup doesn't). This writeup for PicoCTF 2019's rop32 explains the exploit in more detail.

The actual exploit ROP chain was obtained using ROPgadget by running ROPgadget --binary ./vuln --rop --badbytes "0a".

Flag

picoCTF{5n47ch_7h3_5h311_e81af635}

Previousfunction overwriteNextstack cache

Last updated 3 years ago

Was this helpful?