[0x41414141 CTF] Only Pwnable Writeup

moving-signals There's only __start function. It consists of simple assemblies. Given that there are no NX bit, it seems to e a problem using shellcode(asm). In addition, /bin/sh is at 0x41250. I will use the following payload to leak the stack address. (ROP, RTL chain) payload = 'A'*8 + p64(0x41018) + p64(0x1) + p64(0x41000) + p64(0x41018) + p64(0x0) + p64(0x41000) It is a payload that sets rax..