Task: ROP
rop/support/rop is a 64-bit binary with a simple buffer overflow. However, it has NX enabled, so normal shellcode will not work. Find a way to create a working exploit.
TIP: On x86_64, function arguments are no longer found on the stack but in registers.
If you’re having trouble with this exercise, you may use this. Keep in mind that peda’s functionality may be a bit different from that of the provided setup, but you should have this. In pwndbg, you can use something like rop --grep "pop rsi".