ROP Emporium Challenge 3 - Write4 (32 bits)
Description: We’ll be looking for gadgets that let us write a value to memory such as mov [reg], reg.
ROP Emporium Challenge 3 - Write4 (64 bits)
Description: We’ll be looking for gadgets that let us write a value to memory such as mov [reg], reg.
ROP Emporium Challenge 2 - Callme (32 bits)
Description: You must call callme_one(), callme_two() and callme_three() in that order, each with the arguments 1,2,3 e.g. callme_one(1,2,3) to print the flag. The solution here is simple enough, use your knowledge about what resides in the PLT to call the callme_ functions in the above order and with the correct arguments.
ROP Emporium Challenge 2 - Callme (64 bits)
Description: You must call callme_one(), callme_two() and callme_three() in that order, each with the arguments 1,2,3 e.g. callme_one(1,2,3) to print the flag. The solution here is simple enough, use your knowledge about what resides in the PLT to call the callme_ functions in the above order and with the correct arguments.
ROP Emporium Challenge 1 - Split (32 bits)
Description: That useful string “/bin/cat flag.txt” is still present in this binary, as is a call to system(). It’s just a case of finding them and chaining them together to make the magic happen.
ROP Emporium Challenge 1 - Split (64 bits)
Description: That useful string “/bin/cat flag.txt” is still present in this binary, as is a call to system(). It’s just a case of finding them and chaining them together to make the magic happen.
ROP Emporium Challenge 0 - ret2win (32 bits)
Description: Locate a method within the binary that you want to call and do so by overwriting a saved return address on the stack.