$ cyclic 100 $ run < pattern Offset = 0x44 (68 bytes). objdump -d p1flyingring | grep "jmp esp" → none in binary. Check libc or use push esp; ret :
$ cat flag FLAGp1_flying_ring_overflow No NX + no canary + jmp esp gadget → classic stack overflow to shellcode. p1flyingring
Checking security:
Here’s a write-up for the challenge, assuming it’s a CTF/pwn challenge (common on platforms like pwnable.tw or similar). If you meant a different context (e.g., reversing, web), let me know. p1flyingring – Write-up Challenge Overview p1flyingring is a binary exploitation challenge. The name hints at a “flying ring” (possibly a pun on Feng Ring or buffer overflow). The binary is a 32-bit ELF with minimal protections. $ cyclic 100 $ run < pattern Offset = 0x44 (68 bytes)