orw is the second stage available on pwnable.tw. The solution to the first level can be found here.
This stage is primarily focused on writing shellcodes, generic exec shellcodes cannot be used due to a seccomp policy.
The seccomp policy only allows
write syscalls. Other then that, the program accepts a buffer (up to 200 bytes) and executes it.
We can assemble the above shellcode using
nasm with the following command:
nasm -f bin sc.asm.
Once we have the shellcode we can execute it:
nc -vvv chall.pwnable.tw 10001 < sc, and then get the stage’s flag!