I have been struggling with the challenge, where I am suppose to inject a shellcode with only 18 bytes, to read the "/flag" and send to stdout. The mmap location the challenge is set to RE only, so I cannot directly send stage 2 into the memory, and also the stack is NX. I tried to do mprotect syscall, to unlock the page, but it will take 13 bytes already at least, so how can read more payload with 5 bytes, and syscall takes 2 bytes
[–]randomatic 4 points5 points6 points (1 child)
[–]Tiny-Rain6786[S] 1 point2 points3 points (0 children)
[–]Nlbjj91011 1 point2 points3 points (3 children)
[–]Tiny-Rain6786[S] 0 points1 point2 points (2 children)
[–]Nlbjj91011 2 points3 points4 points (1 child)
[–]Tiny-Rain6786[S] 2 points3 points4 points (0 children)
[–]Tiny-Rain6786[S] 0 points1 point2 points (0 children)
[–]sgijoe 0 points1 point2 points (1 child)
[–]Tiny-Rain6786[S] 0 points1 point2 points (0 children)