Prologue
Back to the Future is a pwnable challenge from PlaidCTF 2020. If you are interested, check out Dragon Sector's writeup: https://blog.dragonsector.pl/2020/04/plaidctf-2020-back-to-future.html.
Dragon Sector's solution is really impressive: they treated it as a blind pwnable challenge and did ROP without any debugging! However, exploiting without a debugger is painful for me :( While playing this challenge during the competition, I thought setting up an environment to debug the a.out-format executable would be fun, and, of course, it turned out to be a time-consuming process. This post covers what I did to get the old browser running under a debugger.
Recon
After trying to run the program on my VM (Ubuntu 18.04), I found that it is an a.out-format binary and the current kernel does not support it.
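To recognise an a.out image without relying on the kernel to refuse it, the following added example (not code from the original post or from the challenge) parses the classic 32-byte exec header laid out in <linux/a.out.h>, pulls the magic, machine type and segment sizes out of it, and distinguishes it from an ELF image. The two sample headers are constructed here for illustration (a hypothetical QMAGIC i386 binary and the first bytes of an ELF64 file); they are not taken from the challenge binary.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Classic 32-byte a.out exec header, field order as in <linux/a.out.h>.
 * a_info packs the 16-bit magic in the low half, the machine type in
 * bits 16..23 and flags in bits 24..31. */
struct aout_exec {
    uint32_t a_info;   /* magic | (machine type << 16) | (flags << 24) */
    uint32_t a_text;   /* size of text segment in bytes */
    uint32_t a_data;   /* size of initialised data */
    uint32_t a_bss;    /* size of uninitialised data */
    uint32_t a_syms;   /* size of symbol table */
    uint32_t a_entry;  /* entry point (absolute virtual address) */
    uint32_t a_trsize; /* size of text relocation info */
    uint32_t a_drsize; /* size of data relocation info */
};

/* The four a.out magics (octal, as written in a.out.h). */
enum { OMAGIC = 0407, NMAGIC = 0410, ZMAGIC = 0413, QMAGIC = 0314 };

enum image_kind { IMG_UNKNOWN = 0, IMG_ELF = 1, IMG_AOUT = 2 };

#define N_MAGIC(h)    ((uint16_t)((h).a_info & 0xffff))
#define N_MACHTYPE(h) ((uint8_t)(((h).a_info >> 16) & 0xff))
#define N_FLAGS(h)    ((uint8_t)(((h).a_info >> 24) & 0xff))

/* Static description of an a.out magic, or NULL if it is not one. */
const char *aout_magic_name(uint16_t magic)
{
    switch (magic) {
    case OMAGIC: return "OMAGIC (impure, text writable)";
    case NMAGIC: return "NMAGIC (pure, text read-only)";
    case ZMAGIC: return "ZMAGIC (demand-paged)";
    case QMAGIC: return "QMAGIC (demand-paged, header is part of text)";
    default:     return NULL;
    }
}

/* Classifies buf[0..len).  On IMG_AOUT the header is copied into *hdr when
 * hdr is non-NULL.  A little-endian host is assumed, which is what i386
 * a.out binaries are for anyway. */
enum image_kind classify_image(const uint8_t *buf, size_t len,
                               struct aout_exec *hdr)
{
    struct aout_exec tmp;
    if (len >= 4 && memcmp(buf, "\x7f" "ELF", 4) == 0)
        return IMG_ELF;
    if (len < sizeof tmp)
        return IMG_UNKNOWN;
    memcpy(&tmp, buf, sizeof tmp);
    if (hdr)
        *hdr = tmp;
    return aout_magic_name(N_MAGIC(tmp)) ? IMG_AOUT : IMG_UNKNOWN;
}

/* Constructed sample (not the challenge binary): header of a hypothetical
 * QMAGIC i386 executable (M_386 = 100 in a.out.h), 4 KiB text, 4 KiB data,
 * 256 bytes bss.  QMAGIC text is mapped at 0x1000 with the header inside it,
 * so the entry point sits just past the 32-byte header at 0x1020. */
static const uint8_t sample_qmagic[32] = {
    0xcc, 0x00, 0x64, 0x00,   /* a_info   = QMAGIC | (M_386 << 16) */
    0x00, 0x10, 0x00, 0x00,   /* a_text   = 0x1000 */
    0x00, 0x10, 0x00, 0x00,   /* a_data   = 0x1000 */
    0x00, 0x01, 0x00, 0x00,   /* a_bss    = 0x100  */
    0x00, 0x00, 0x00, 0x00,   /* a_syms   = 0      */
    0x20, 0x10, 0x00, 0x00,   /* a_entry  = 0x1020 */
    0x00, 0x00, 0x00, 0x00,   /* a_trsize = 0      */
    0x00, 0x00, 0x00, 0x00,   /* a_drsize = 0      */
};

/* Constructed sample: first 32 bytes of an ELF64 little-endian file. */
static const uint8_t sample_elf[32] = { 0x7f, 'E', 'L', 'F', 2, 1, 1, 0 };

int main(void)
{
    const uint8_t *imgs[] = { sample_qmagic, sample_elf };
    for (size_t i = 0; i < 2; i++) {
        struct aout_exec h;
        switch (classify_image(imgs[i], 32, &h)) {
        case IMG_ELF:
            puts("ELF image: a stock kernel loads this through binfmt_elf");
            break;
        case IMG_AOUT:
            printf("a.out image: %s, machtype %u, entry 0x%x, "
                   "text %u data %u bss %u\n",
                   aout_magic_name(N_MAGIC(h)), N_MACHTYPE(h), h.a_entry,
                   h.a_text, h.a_data, h.a_bss);
            puts("  -> needs a kernel built with CONFIG_BINFMT_AOUT to execute");
            break;
        default:
            puts("unknown image");
        }
    }
    return 0;
}
```

Feed the first 32 bytes of the challenge binary into classify_image and the magic tells you which a.out variant you are dealing with; a QMAGIC result in particular means the header is part of the mapped text at 0x1000, which matters when you later set breakpoints by file offset.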
Just run nc -lvp [port], then submit our URL to the server, and we got some interesting information (picture from my teammate @hzshang):