CTFtime.org

Rescue Shell

by EntropyQueen / MhackGyver

Tags: rop 

Rating: 4.0

Full explanation on how I solved that task.
TL;DR: two staged rop, leak address using write and jmp on one_gadget.

Original writeup (https://ark444.github.io/posts/NDH2k18_rescue_shell_writeup).

Comments