Tags: rop pwn seccomp 


# blakflag
Please see [original writeup](https://github.com/happysox/CTF_Writeups/tree/master/SEC-T_CTF_2019/blakflag) for a walkthrough.

The original description hinted that you have to leak the flag.

`nc blakflag-01.pwn.beer 45243`

stripped x64 binary

### TL;DR
* Can leak PIE and Canary -> ROP
* Seccomp blacklist
* Flag file descriptor never closed
* `sys_sendfile` not blacklisted but need to set `rax=0x28`
* `sys_write` gadget available and not blacklisted
* Set `rax=0x28` using return value from `sys_write`

Original writeup (https://github.com/happysox/CTF_Writeups/tree/master/SEC-T_CTF_2019/blakflag).