Rating: 2.0
### ROPi
> Ritorno orientata programmazione `nc ropi.vuln.icec.tf 6500` [download file](./ropi_1335922d55bc23ddc49a8c5077723113d5cddf02756ad8231e96058188bfc249)
There's a read 0x40 bytes at `0x08048562` when only 0x38 allocated. So it's pretty easy exploitable.
Then you need open file and get fd -> read by that fd -> print read data. So the flow should be ret->ori->pro. Then is simply working with right layer and correct magic nums at [exploit](./ropi_exploit.py).
Flag: `IceCTF{italiano_ha_portato_a_voi_da_google_tradurre}`