orw is the second stage available on The solution to the first level can be found here.

This stage is primarily focused on writing shellcodes, generic exec shellcodes cannot be used due to a seccomp policy.

The seccomp policy only allows open, read and write syscalls. Other then that, the program accepts a buffer (up to 200 bytes) and executes it.

The shellcode

We can assemble the above shellcode using nasm with the following command: nasm -f bin sc.asm.

Once we have the shellcode we can execute it: nc -vvv 10001 < sc, and then get the stage’s flag!