Master the fundamental concepts of binary exploitation through this focused micro-challenge.
The NX (No-eXecute) bit marks memory regions like the stack and heap as non-executable. This prevents attackers from injecting and executing shellcode directly on the stack, which was the classic exploitation technique before NX became standard.
Memory pages have permission bits: read (R), write (W), execute (X). Stack and heap are typically RW- (no execute). Attempting to jump to shellcode on the stack triggers SIGSEGV.
Return-Oriented Programming (ROP) bypasses NX by reusing existing executable code:
ret (gadgets)ret pops the next gadget addressCommon x86-64 gadgets:
pop rdi; ret: set first function argumentpop rsi; ret: set second argumentsyscall; ret: invoke a system callYou will document how NX prevents shellcode execution and explain how ROP reuses existing code fragments instead. ROP emerged as the dominant technique precisely because NX/DEP closed the shellcode-on-stack path.
ROP does not execute new instructions; it reuses existing ones ending in ret. A chain calling mprotect can mark a stack page executable, reviving classic shellcode techniques. More commonly, chains call system or execve directly. Intel CET shadow stacks and ARM Pointer Authentication record return addresses to detect ROP, but the technique remains central to exploit development education.
Implement a C program that demonstrates NX and explains ROP.
Requirements:
Success Criteria:
Three hints are available for this task, revealed one at a time inside the code workspace so you can struggle productively before seeing them.
All starter code and reference implementations are available for your local setup.
View on Github