ROP Emporium Challenge 6 - Pivot (64 bits)
Description: There’s only enough space for a three-link chain on the stack but you’ve been given space to stash a much larger ROP chain elsewhere. Learn how to pivot the stack onto a new location.
ROP Emporium Challenge 5 - Fluff (32 bits)
Description: The concept here is identical to the write4 challenge. The only difference is we may struggle to find gadgets that will get the job done.
ROP Emporium Challenge 5 - Fluff (64 bits)
Description: The concept here is identical to the write4 challenge. The only difference is we may struggle to find gadgets that will get the job done.
ROP Emporium Challenge 4 - Badchars (64 bits)
Description: An arbitrary write challenge with a twist; certain input characters get mangled before finding their way onto the stack
ROP Emporium Challenge 4 - Badchars (32 bits)
Description: An arbitrary write challenge with a twist; certain input characters get mangled before finding their way onto the stack
ROP Emporium Challenge 3 - Write4 (32 bits)
Description: We’ll be looking for gadgets that let us write a value to memory such as mov [reg], reg.
ROP Emporium Challenge 3 - Write4 (64 bits)
Description: We’ll be looking for gadgets that let us write a value to memory such as mov [reg], reg.
ROP Emporium Challenge 2 - Callme (32 bits)
Description: You must call callme_one(), callme_two() and callme_three() in that order, each with the arguments 1,2,3 e.g. callme_one(1,2,3) to print the flag. The solution here is simple enough, use your knowledge about what resides in the PLT to call the callme_ functions in the above order and with the correct arguments.