orw is the second stage available on pwnable.tw. The solution to the first level can be found here.
This stage is primarily focused on writing shellcodes, generic exec shellcodes cannot be used due to a seccomp policy.
The seccomp policy only allows open, read and write syscalls. Other then that, the program accepts a buffer (up to 200 bytes) and executes it.
The shellcode
We can assemble the above shellcode using nasm with the following command:
nasm -f bin sc.asm.
Once we have the shellcode we can execute it: nc -vvv chall.pwnable.tw 10001 < sc, and then get the stage’s flag!