I'll let you seek around my file as far as you want, but you can't go anywhere since it's /dev/null.
To figure out where things are, you can use the
debugger. I recommend using a Docker instance, such as with the Dockerfile provided, to ensure you have an environment that matches the remote server you are attacking.
You can find the location of functions in the Global Offset Table by using their name followed by
- for example,
At the end lies your flag.
Updated distribution file: added Dockerfile and run script
How is memory laid out in the binary that's very different than a non-embedded binary? Also if you're scared of the qemu, it might help to know you can debug the binary with the
flags and gdb-multiarch.