Return Oriented Programming


Program Security.

Picture yourself as a digital maestro, orchestrating a symphony of code in a vast digital realm. However, there’s a twist: you don’t get to pen down your own notes. Instead, you're given a legacy of existing code snippets, scattered across the system. This is the essence of Return Oriented Programming (ROP) exploits! Using nothing but the remnants of the system’s own code, you craft a cunning composition that dances to your own tune, bypassing modern security measures with elegance and stealth.

Each snippet is like a musical phrase, ending in a "return" instruction, whisking you off to the next snippet in your clandestine concerto. With each leap and bound, you weave a nefarious narrative, circumventing security checks and executing unauthorized actions, all while under the unsuspecting nose of the system’s defenses.

ROP is not just a hack; it’s a masterpiece of unauthorized orchestration, a ballet of borrowed instructions, choreographed with precision to achieve your clandestine objectives. With ROP, you step into a realm where every byte is a beat, and every return is a rhythm, embarking on an exhilarating journey of exploitation and discovery.



Challenges

Overwrite a return address to trigger a win function!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Overwrite a return address to trigger a win function!

Use ROP to trigger a two-stage win function!

Use ROP to trigger a two-stage win function!

Use ROP to trigger a multi-stage win function!

Use ROP to trigger a multi-stage win function!

Leverage a stack leak while crafting a ROP chain to obtain the flag!

Leverage a stack leak while crafting a ROP chain to obtain the flag!

Craft a ROP chain to obtain the flag, now with no stack leak!

Craft a ROP chain to obtain the flag, now with no stack leak!

Craft a ROP chain to obtain the flag, now with no syscall gadget!

Craft a ROP chain to obtain the flag, now with no syscall gadget!

Utilize a libc leak to ROP with libc!

Utilize a libc leak to ROP with libc!

ROP with libc, no free leak this time!

ROP with libc, no free leak this time!

Perform a stack pivot to gain control flow!

Perform a stack pivot to gain control flow!

Perform a partial overwrite to call the win function.

Perform a partial overwrite to call the win function.

Apply stack pivoting to call the win function.

Apply stack pivoting to call the win function.

Creatively apply stack pivoting to call the win function.

Creatively apply stack pivoting to call the win function.

Perform ROP when the function has a canary!

Perform ROP when the function has a canary!

Perform ROP against a network forkserver!

Perform ROP against a network forkserver!

Perform ROP when the stack frame returns to libc!

Perform ROP when the stack frame returns to libc!
