Master the fundamental concepts of binary exploitation through this focused micro-challenge.
A ROP chain is a carefully constructed sequence of gadget addresses placed on the stack. Each gadget performs a small operation and ends with ret, which loads the next gadget address. By chaining enough gadgets, attackers perform arbitrary computations without injecting new code.
Find gadgets with tools like ROPgadget, ropper, or objdump. For calling system("/bin/sh") on x86-64 Linux:
cLoading…
Challenges include NULL bytes in addresses (terminate strcpy), 16-byte stack alignment before system(), and ASLR randomizing all addresses.
You will document ROP chain construction conceptually, including gadget types and stack layout. The pop-rdi/system chain is the canonical first ROP exploit taught in pwn-focused CTFs, and getting stack alignment right trips up most first-time exploit writers.
ROPgadget scans executable segments for sequences ending in ret. Libc is gadget-rich because it contains millions of instructions compiled from C source. Useful gadgets need not be full functions; pop rdi; ret is just two instructions. Defenders deploy Control Flow Integrity and shadow stacks, but understanding basic chain construction remains essential for CTF competitions and vulnerability research on unpatched services.
Implement a C program that documents ROP chain construction.
Requirements:
Success Criteria:
Three hints are available for this task, revealed one at a time inside the code workspace so you can struggle productively before seeing them.
All starter code and reference implementations are available for your local setup.
View on Github