Task: ROP

rop/support/rop is a 64-bit binary with a simple buffer overflow. However, it has NX enabled, so normal shellcode will not work. Find a way to create a working exploit.
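Before reaching for gadgets, it is worth confirming the NX claim from the binary itself rather than from the task text. The loader decides whether the stack is executable from the PT_GNU_STACK program header: if it is present without the PF_X flag, the stack is non-executable. The following is an added example, not part of the task or of the provided rop binary; it parses the ELF64 program headers with only the standard library and also checks three constructed in-memory ELF images so it runs without the binary at hand (the path rop/support/rop is taken from the task text; everything else is constructed here).

```python
import struct
import sys

ELF_MAGIC = b"\x7fELF"
ELFCLASS64 = 2
ELFDATA2LSB = 1
PT_LOAD = 1
PT_GNU_STACK = 0x6474E551
PF_X, PF_W, PF_R = 1, 2, 4

EHDR_FMT = "<16sHHIQQQIHHHHHH"  # Elf64_Ehdr, 64 bytes, little-endian
PHDR_FMT = "<IIQQQQQQ"          # Elf64_Phdr, 56 bytes


def program_headers(data):
    """Yield (p_type, p_flags) for every program header of a little-endian ELF64 image."""
    if data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    if data[4] != ELFCLASS64 or data[5] != ELFDATA2LSB:
        raise ValueError("only little-endian ELF64 is handled here")
    fields = struct.unpack_from(EHDR_FMT, data, 0)
    e_phoff, e_phentsize, e_phnum = fields[5], fields[9], fields[10]
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        p_type, p_flags = struct.unpack_from("<II", data, off)
        yield p_type, p_flags


def gnu_stack_flags(data):
    """Return p_flags of the PT_GNU_STACK header, or None if the header is absent."""
    for p_type, p_flags in program_headers(data):
        if p_type == PT_GNU_STACK:
            return p_flags
    return None


def stack_is_nx(data):
    """True when the stack is non-executable (PT_GNU_STACK present without PF_X)."""
    flags = gnu_stack_flags(data)
    if flags is None:
        # No PT_GNU_STACK: the traditional x86_64 Linux default is an executable stack,
        # which is also how readelf/checksec style tools report it.
        return False
    return not (flags & PF_X)


def build_elf(phdrs):
    """Constructed fixture: a minimal ELF64 header plus the given (p_type, p_flags)
    program headers. It is not a loadable binary, only enough for header parsing."""
    phoff = 64
    e_ident = ELF_MAGIC + bytes([ELFCLASS64, ELFDATA2LSB, 1, 0]) + b"\x00" * 8
    ehdr = struct.pack(EHDR_FMT, e_ident, 2, 0x3E, 1, 0x401000, phoff, 0, 0,
                       64, 56, len(phdrs), 0, 0, 0)
    body = b"".join(struct.pack(PHDR_FMT, t, f, 0, 0, 0, 0, 0, 16) for t, f in phdrs)
    return ehdr + body


# Constructed sample images: NX on, NX off, and no PT_GNU_STACK header at all.
NX_ON = build_elf([(PT_LOAD, PF_R | PF_X), (PT_GNU_STACK, PF_R | PF_W)])
NX_OFF = build_elf([(PT_LOAD, PF_R | PF_X), (PT_GNU_STACK, PF_R | PF_W | PF_X)])
NO_HEADER = build_elf([(PT_LOAD, PF_R | PF_X)])


def check_file(path):
    """Read an ELF from disk and report whether its stack is NX."""
    with open(path, "rb") as f:
        return stack_is_nx(f.read())


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "rop/support/rop"
    print(f"{path}: NX {'enabled' if check_file(path) else 'disabled'}")
```

Run it as `python3 nxcheck.py rop/support/rop`; an NX-enabled binary reports `NX enabled`, which is the property that rules out plain shellcode on the stack and is why the task asks for a return-oriented approach instead.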

TIP: On x86_64, function arguments are no longer found on the stack but in registers.

If you're having trouble with this exercise, you may use this. Keep in mind that peda's functionality may be a bit different from that of the provided setup, but you should be able to manage. In pwndbg, you can use something like rop --grep "pop rsi".

Checker

To test the implementation, enter the tests/ directory and run:

make check

In case of a correct solution, you will get an output such as:

test_payload                     ........................ passed ... 100

Total:                                                           100/100
