Tags: stack_pivot ropchain rop stack_overflow got one_gadget 

In the `SECCON 2018 - classic` challenge, there is a `stack overflow` vulnerability that allows the `return` address to be overwritten. Using `return oriented programming (ROP)`, we first leak the address stored in `puts@GOT` to compute the `libc` base address, then write a second `ROP` payload into `.bss` by calling `gets@GOT`, and finally move control to that payload in `.bss` with a `stack pivot`; the second chain jumps to a `one gadget` that executes `/bin/sh`. This is an interesting `ROP` challenge for learning how protections like `NX`, `Partial RELRO`, and `ASLR` are bypassed in `x86_64` binaries.
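The protections named above are all visible in the ELF headers, and a checksec-style report is the first thing to look at when deciding whether a binary is exposed to this class of attack: `NX` comes from the `PT_GNU_STACK` flags, `Partial` versus `Full RELRO` from `PT_GNU_RELRO` plus the `BIND_NOW` dynamic flags (only Full RELRO makes the GOT read-only after load), and `PIE` from the ELF type. The checker below is an added example, not code from the original writeup or the challenge; it parses an ELF64 image with only the standard library and, because no real binary is embedded here, builds a constructed minimal ELF image (`build_sample_elf`, an assumed helper) to run against.

```python
import struct
import sys

# ELF constants as defined in the ELF specification / elf.h
ET_EXEC, ET_DYN = 2, 3
PT_DYNAMIC = 2
PT_GNU_STACK = 0x6474E551
PT_GNU_RELRO = 0x6474E552
PF_X = 0x1
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1


def check_protections(elf: bytes) -> dict:
    """Report NX, RELRO level, PIE and whether the GOT stays writable
    for a little-endian ELF64 image (the x86_64 case discussed above)."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("only little-endian ELF64 images are handled")
    e_type = struct.unpack_from("<H", elf, 16)[0]
    e_phoff = struct.unpack_from("<Q", elf, 32)[0]
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 54)

    nx = False        # Linux treats a missing PT_GNU_STACK as an executable stack
    has_relro = False
    bind_now = False
    for i in range(e_phnum):
        fields = struct.unpack_from("<IIQQQQQQ", elf, e_phoff + i * e_phentsize)
        p_type, p_flags, p_offset, _, _, p_filesz = fields[:6]
        if p_type == PT_GNU_STACK:
            nx = not (p_flags & PF_X)
        elif p_type == PT_GNU_RELRO:
            has_relro = True
        elif p_type == PT_DYNAMIC:
            # Walk the dynamic section in the file image until DT_NULL.
            pos, end = p_offset, p_offset + p_filesz
            while pos + 16 <= min(end, len(elf)):
                d_tag, d_val = struct.unpack_from("<qQ", elf, pos)
                if d_tag == DT_NULL:
                    break
                if d_tag == DT_BIND_NOW:
                    bind_now = True
                elif d_tag == DT_FLAGS and d_val & DF_BIND_NOW:
                    bind_now = True
                elif d_tag == DT_FLAGS_1 and d_val & DF_1_NOW:
                    bind_now = True
                pos += 16

    # Same classification checksec uses: RELRO segment alone is "partial",
    # RELRO segment plus eager binding is "full" (GOT becomes read-only).
    if has_relro and bind_now:
        relro = "full"
    elif has_relro:
        relro = "partial"
    else:
        relro = "none"
    return {
        "nx": nx,
        "relro": relro,
        "pie": e_type == ET_DYN,   # ET_DYN executables are position independent
        "got_writable": relro != "full",
    }


def build_sample_elf(nx: bool = True, relro: str = "partial", pie: bool = False) -> bytes:
    """Constructed minimal ELF64 image (test data, not a real binary) carrying
    only the program headers and dynamic entries the checker consults."""
    phdrs, dyn_entries = [], []
    if relro in ("partial", "full"):
        phdrs.append((PT_GNU_RELRO, 4, 0, 0, 0, 0, 0, 1))
    if relro == "full":
        dyn_entries.append((DT_FLAGS, DF_BIND_NOW))
    dyn_entries.append((DT_NULL, 0))
    phdrs.append((PT_GNU_STACK, 6 if nx else 7, 0, 0, 0, 0, 0, 16))
    dyn = b"".join(struct.pack("<qQ", t, v) for t, v in dyn_entries)
    phnum = len(phdrs) + 1                       # plus the PT_DYNAMIC header below
    dyn_off = 64 + 56 * phnum                    # dynamic section follows the headers
    phdrs.append((PT_DYNAMIC, 6, dyn_off, 0, 0, len(dyn), len(dyn), 8))
    ehdr = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8   # ELF64, LE, version 1
    ehdr += struct.pack("<HHIQQQIHHHHHH", ET_DYN if pie else ET_EXEC, 62, 1,
                        0, 64, 0, 0, 64, 56, phnum, 64, 0, 0)
    body = b"".join(struct.pack("<IIQQQQQQ", *p) for p in phdrs)
    return ehdr + body + dyn


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            print(check_protections(f.read()))
    else:
        for kw in ({"nx": True, "relro": "partial", "pie": False},
                   {"nx": True, "relro": "full", "pie": True}):
            print(kw, "->", check_protections(build_sample_elf(**kw)))
```

Run it with a path to report on a real binary, or without arguments to see the two constructed cases: the first mirrors the challenge's profile (NX on, Partial RELRO, no PIE, so GOT entries stay writable and `.bss` sits at a fixed address), the second shows the hardened profile where Full RELRO and PIE remove both conveniences.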

Original writeup (https://github.com/sajjadium/ctf-writeups/tree/master/SECCON/2018/classic).