
PWN Sick ROP challenge — HTB

SROP with mprotect() NX bypass [x64]

Karol Mazurek
5 min read · 3 days ago

This is a re-uploaded article from years ago. HTB banned it because the challenge was still active. I promised the audience to re-upload it after the challenge is retired.

This is my 9th walkthrough referring to the methodology described here.
It will be, as always:

  • concise,
  • straight to the point,
  • without the steps that lead to the rabbit hole.

0. Download the binary:

1. Basic checks:

2. General overview:

  • Exploiting the binary is straightforward: the NX bit is enabled and the binary is statically linked. Additionally, the name of the binary reveals what problem needs to be solved.
