Hi, could I get a nudge on the direction to go with this, please? I have the following ideas, but no go, 'cos the libc binary used on the server is not provided for download:
- ROP to execve function
  - libc binary not provided and execve not imported by the space binary
- ROP to syscall
  - binary does not contain executable byte sequences for syscall (0x0F 0x05), sysenter (0x0F 0x34) or int 0x80 (0xCD 0x80)