I'll let you seek around my file as far as you want, but you can't go anywhere since it's /dev/null.
To figure out where things are, you can use the
debugger. I recommend using a Docker instance, such as with the Dockerfile provided, to ensure you have an environment that matches the remote server you are attacking.
You can find the location of functions in the Global Offset Table by using their name followed by
- for example,
I need to make a pwn? Let's go with that standard warmup rop thing... what was it... ret2libm?
The challenge server may be acting up. If your solution works locally and on the docker but not on remote, please open a ticket!
I love sockets and cats and socat and
Socat version on remote is
This is Michael's bank. You can't break into it, it's just impossible.
At the end lies your flag.
Updated distribution file: added Dockerfile and run script
How is memory laid out in the binary that's very different than a non-embedded binary? Also if you're scared of the qemu, it might help to know you can debug the binary with the
flags and gdb-multiarch.