
ROP Primer 0.2 - Level 1 (Remote Exploit)

Level 1 needs to be exploited remotely.

The buffer overflow in the service occurs because the buffer holding the filename of the file to write is only 32 chars long, but "filesize" is used as the length when "read" takes our input.

As a result, we can overflow the filename buffer by specifying a filesize greater than 32 bytes. After gaining control of EIP, we can inject our ROP chain.

To get the content of the flag, we created a ROP chain that opens and reads the flag and then writes it back to the socket descriptor (as proposed by barrebas in the challenge description).
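
The length bug described above (a 32-byte filename buffer filled by a read whose length is the client-supplied filesize) is fixed by checking the length against the destination before reading. The following is an added example, not the challenge's source code; `read_filename`, `demo` and `NAME_BUF_SIZE` are hypothetical names, and a pipe stands in for the client socket.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define NAME_BUF_SIZE 32  /* filename buffer size given in the description */

/* Constructed code, not the ROP Primer level 1 source.
 * Pattern described above (hypothetical names, comment only):
 *     char filename[32];
 *     read(fd, filename, filesize);   length chosen by the client
 * Hardened form below: the length is checked against the destination.
 * Returns bytes stored (excluding the NUL), or -1 on error or oversize. */
ssize_t read_filename(int fd, char *dst, size_t dst_size, size_t claimed_len)
{
    size_t got = 0;
    if (dst == NULL || dst_size == 0)
        return -1;
    if (claimed_len >= dst_size)   /* keep one byte for the terminator */
        return -1;                 /* reject instead of silently truncating */
    while (got < claimed_len) {    /* a socket read may return short */
        ssize_t n = read(fd, dst + got, claimed_len - got);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            return -1;
        }
        if (n == 0)                /* peer closed before sending everything */
            break;
        got += (size_t)n;
    }
    dst[got] = '\0';
    return (ssize_t)got;
}

/* Constructed harness: sends `payload` through a pipe as the "client". */
ssize_t demo(const char *payload, size_t claimed_len, char *out)
{
    int p[2];
    if (pipe(p) != 0)
        return -1;
    ssize_t w = write(p[1], payload, strlen(payload));
    close(p[1]);
    ssize_t r = (w == (ssize_t)strlen(payload))
        ? read_filename(p[0], out, NAME_BUF_SIZE, claimed_len) : -1;
    close(p[0]);
    return r;
}
```

A claimed length of 32 or more is refused outright, so the destination can never receive more than 31 bytes plus the terminator.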
