ROP Emporium – Fluff

Fluff 32 Bit

Overall, the objective is still the same as in write4, but the ROP gadgets available in this binary are limited. We need to find a ROP chain that achieves the objective. First, let’s find the EIP offset using Radare2.

The EIP offset is 44. Find the writable memory section using the readelf command.

The .data section is writable. …
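The W flag that readelf prints for a section is the SHF_WRITE bit in that section's header. The following is an added example, not code from the original post, that reads the bit directly from a 32-bit little-endian ELF; the sample image built by build_sample() and every address in it are constructed for illustration and are not taken from the fluff32 binary.

```python
import struct

SHF_WRITE = 0x1  # section is writable at run time ("W" in readelf -S output)

def writable_sections(elf: bytes):
    """Return [(name, addr, size)] for ELF32 little-endian sections with SHF_WRITE."""
    if elf[:4] != b"\x7fELF" or elf[4] != 1 or elf[5] != 1:
        raise ValueError("expected a 32-bit little-endian ELF")
    e_shoff, = struct.unpack_from("<I", elf, 0x20)
    e_shentsize, e_shnum, e_shstrndx = struct.unpack_from("<HHH", elf, 0x2E)

    def shdr(i):
        # First six fields: sh_name, sh_type, sh_flags, sh_addr, sh_offset, sh_size
        return struct.unpack_from("<6I", elf, e_shoff + i * e_shentsize)

    str_off = shdr(e_shstrndx)[4]  # file offset of the section-name string table
    found = []
    for i in range(e_shnum):
        name_off, _type, flags, addr, _off, size = shdr(i)
        if flags & SHF_WRITE:
            start = str_off + name_off
            name = elf[start:elf.index(b"\0", start)].decode()
            found.append((name, addr, size))
    return found

def build_sample():
    """Constructed ELF32 image: header, name table, four section headers."""
    names = b"\0.text\0.data\0.shstrtab\0"
    # (name offset, type, flags, addr, file offset, size); all values made up
    secs = [(0, 0, 0x0, 0, 0, 0),                 # mandatory null section
            (1, 1, 0x6, 0x08048000, 0, 0x100),    # .text: ALLOC|EXEC, not writable
            (7, 1, 0x3, 0x0804A000, 0, 0x8),      # .data: WRITE|ALLOC
            (13, 3, 0x0, 0, 52, len(names))]      # .shstrtab
    shoff = 52 + len(names)
    hdr = b"\x7fELF\x01\x01\x01" + bytes(9)       # e_ident: ELFCLASS32, little-endian
    hdr += struct.pack("<HHIIIIIHHHHHH", 2, 3, 1, 0, 0, shoff, 0,
                       52, 0, 0, 40, len(secs), 3)
    body = b"".join(struct.pack("<10I", *s, 0, 0, 1, 0) for s in secs)
    return hdr + names + body

if __name__ == "__main__":
    for name, addr, size in writable_sections(build_sample()):
        print(f"{name:<10} addr=0x{addr:08x} size=0x{size:x}")
```

Pointing writable_sections() at the bytes of a real 32-bit binary lists the same sections that readelf marks with W.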