Tags: rop pwn seccomp
# blakflag
Please see [original writeup](https://github.com/happysox/CTF_Writeups/tree/master/SEC-T_CTF_2019/blakflag) for a walkthrough.
The original description hinted that you have to leak the flag.
`nc blakflag-01.pwn.beer 45243`
The target is a stripped x64 binary.
### TL;DR
* PIE base and stack canary can be leaked -> ROP
* Seccomp blacklist
* Flag file descriptor never closed
* `sys_sendfile` is not blacklisted, but calling it requires `rax=0x28`
* `sys_write` gadget available and not blacklisted
* Set `rax=0x28` using return value from `sys_write`
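
Why the blacklist fails where an allowlist would not, as an added example (not code from the writeup or the challenge): a small interpreter runs two seccomp cBPF programs against x86-64 syscall numbers and reports the verdict for `sendfile` (`0x28`). Both filters and the names `denylist`, `allowlist`, `run_filter`, `denylist_allows` and `allowlist_allows` are constructed for illustration; the challenge's real filter is not shown on this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <linux/filter.h>   /* struct sock_filter, BPF_STMT, BPF_JUMP */
#include <linux/seccomp.h>  /* struct seccomp_data, SECCOMP_RET_* */

/* x86-64 syscall numbers, hardcoded so the model behaves the same on any host. */
enum { NR_WRITE = 1, NR_OPEN = 2, NR_SENDFILE = 40 /* 0x28 */,
       NR_EXECVE = 59, NR_EXIT_GROUP = 231, NR_OPENAT = 257 };

#define LOAD_NR BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr))
/* "if nr == n, return verdict; otherwise skip to the next rule" */
#define IF_NR(n, verdict) BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (n), 0, 1), \
                          BPF_STMT(BPF_RET | BPF_K, (verdict))

/* Constructed denylist (not the challenge's real filter): default is ALLOW. */
static const struct sock_filter denylist[] = {
    LOAD_NR, IF_NR(NR_OPEN, SECCOMP_RET_KILL), IF_NR(NR_OPENAT, SECCOMP_RET_KILL),
    IF_NR(NR_EXECVE, SECCOMP_RET_KILL), BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};
/* Constructed allowlist: default is KILL. Real filters also check data->arch. */
static const struct sock_filter allowlist[] = {
    LOAD_NR, IF_NR(NR_WRITE, SECCOMP_RET_ALLOW), IF_NR(NR_EXIT_GROUP, SECCOMP_RET_ALLOW),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
};

/* Interprets only the three cBPF opcodes used above; anything else is denied. */
static uint32_t run_filter(const struct sock_filter *f, size_t len, int nr) {
    struct seccomp_data d = { .nr = nr };
    uint32_t acc = 0;
    for (size_t pc = 0; pc < len; pc++) {
        switch (f[pc].code) {
        case BPF_LD | BPF_W | BPF_ABS:
            memcpy(&acc, (const char *)&d + f[pc].k, sizeof acc); break;
        case BPF_JMP | BPF_JEQ | BPF_K:
            pc += (acc == f[pc].k) ? f[pc].jt : f[pc].jf; break;
        case BPF_RET | BPF_K: return f[pc].k;
        default: return SECCOMP_RET_KILL;
        }
    }
    return SECCOMP_RET_KILL;
}
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))
int denylist_allows(int nr)  { return run_filter(denylist, COUNT(denylist), nr) == SECCOMP_RET_ALLOW; }
int allowlist_allows(int nr) { return run_filter(allowlist, COUNT(allowlist), nr) == SECCOMP_RET_ALLOW; }

int main(void) {
    printf("sendfile: denylist=%d allowlist=%d\n",
           denylist_allows(NR_SENDFILE), allowlist_allows(NR_SENDFILE));
    return 0;
}
```

The filter is only half of the fix: closing the flag file descriptor before handling untrusted input removes the data source that `sendfile` would otherwise read from.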