Task: ROP
rop/support/rop
is a 64-bit binary with a simple buffer overflow. However, it has NX enabled, so normal shellcode will not work. Find a way to create a working exploit.
TIP: On x86_64, function arguments are no longer found on the stack but in registers.
If you’re having trouble with this exercise, you may use this. Keep in mind that peda
’s functionality may be a bit different from that of the provided setup, but you should have this. In pwndbg
, you can use something like rop --grep "pop rsi"
.
Checker
To test the implementation, enter the tests/
directory and run:
make check
In case of a correct solution, you will get an output such as:
test_payload ........................ passed ... 100
Total: 100/100