Arch: amd64-64-little
RELRO: Partial RELRO
Stack: No canary found
NX: NX disabled
PIE: No PIE (0x400000)
RWX: Has RWX segments
Notes:
The binary has no mitigations, so we can do a stack buffer overflow and write our shellcode somewhere on the stack.
fgets() reads in 0x47 bytes from the user; the two bytes from the base pointer have to be 0xe4ff (bytes ff e4 in memory), which is the opcode for jmp esp (jmp rsp on amd64), a hint that a pivot is needed.
Since we are limited on stack space, we could overwrite the return address with a jmp rsp to pivot to the beginning of our buffer to execute system('/bin/sh') shellcode.
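
The overflow in these notes comes from handing fgets() a length (0x47) that is larger than the stack buffer it fills. As an added example (not code from the challenge binary), the block below puts that pattern beside a bounded reader and checks it against guard bytes; BUF_LEN = 32 and all function names are assumptions, since the notes do not state the buffer size.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN  32    /* assumed buffer size; the notes do not state it */
#define READ_LEN 0x47  /* length the notes say fgets() is given */

/* Vulnerable pattern (shown, never called here): the bound is a constant
 * larger than the caller's BUF_LEN-byte stack buffer, so a long line runs
 * past it into the saved rbp and the return address. */
int read_line_unbounded(FILE *in, char *dst) {
    return fgets(dst, READ_LEN, in) != NULL;
}

/* Hardened form: the bound is the destination's capacity. Returns the line
 * length, -1 on EOF/error, -2 if the line did not fit (rest is discarded). */
int read_line_bounded(FILE *in, char *dst, size_t cap) {
    if (cap == 0 || cap > INT_MAX || !fgets(dst, (int)cap, in)) return -1;
    size_t n = strlen(dst);
    if (n > 0 && dst[n - 1] == '\n') { dst[--n] = '\0'; return (int)n; }
    int c = fgetc(in);
    if (c == EOF || c == '\n') return (int)n;  /* line fit exactly */
    while (c != '\n' && c != EOF) c = fgetc(in);
    dst[0] = '\0';                             /* reject, no silent truncation */
    return -2;
}

/* Feeds a constructed line to the hardened reader; -3 means the guard bytes
 * placed after the buffer were modified, -4 that no temp file was available. */
int check_input(const char *line) {
    struct { char buf[BUF_LEN]; unsigned char guard[8]; } frame;
    memset(frame.guard, 0xA5, sizeof frame.guard);
    FILE *in = tmpfile();
    if (!in) return -4;
    fputs(line, in);
    rewind(in);
    int rc = read_line_bounded(in, frame.buf, sizeof frame.buf);
    fclose(in);
    for (size_t i = 0; i < sizeof frame.guard; i++)
        if (frame.guard[i] != 0xA5) return -3;
    return rc;
}

int main(void) {
    char long_line[READ_LEN + 1];
    memset(long_line, 'A', READ_LEN - 1);  /* as long as fgets(buf, 0x47, ...) accepts */
    strcpy(long_line + READ_LEN - 1, "\n");
    printf("short: %d, long: %d\n", check_input("guest\n"), check_input(long_line));
    return 0;
}
```

The checksec lines above are the build-side half of the fix: compiling with -fstack-protector-strong and -fPIE -pie, and linking with -z noexecstack and -z relro -z now, restores the canary, NX, PIE and full RELRO.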