Official Sick ROP Discussion

Official discussion thread for Sick ROP. Please do not post any spoilers or big hints.

Fun challenge :wink:

I can’t find a way to control the rdi register for syscall. Can anyone help me with this?


Fun challenge, took me a few moments to figure out how to get around that one thing :stuck_out_tongue:

Very nice challenge, first time for me with this technique, here is my hint:
If you think you need something to make it possible, that something might be conveniently placed in the perfect spot, just look around in the place you can easily find things

Thanks to the creator… learned a new technique.
Here are my hints:
1. Challenge name is a big hint
2. Google Fu will get u close to the pwn
3. Search, search and search until u can find a perfect spot

Feel free to delete this if I have spoiled too much…
dm me if you need any lil nudges…

1 Like

Nice challenge, thanks to the creator! If someone needs help, just PM me.

Hey guys. Still not sure what to do even with these hints. Could anyone give me a hand with this? I’ve been told it is not a traditional ROP and that the name is a big hint but I’m still not sure what to do with that.


Loved this challenge because when you finish the solution, you take a step back and admire how beautiful it is to see all the puzzle pieces fit together so perfectly. My hint, look up advanced ROP. You’re gonna struggle if you try that normal/noobie stuff.

So you’ve reached the end, but your situation isn’t what you hoped for.
If only you could start over.

Oh, I cleared this challenge in an unintentional way.
(I didn’t control rdi.)

1 Like

I’m interested in how u solved this without controlling the rdi, dm me man :slight_smile:

1 Like

Just cleared, challenge is nice, learned something new. For those who are still stuck, the name of the challenge is a big hint, but only uppercase :wink:

1 Like

Not sure if off topic, but I’m wondering if anyone can help me with GDB hanging on a certain syscall. The exploit works, but I couldn’t get there using the “gdb” class of the “pwn” library in Python, since it hangs. If anyone knows where this might come from, please contact me :).