once you connect to port 9026, the "asm" binary will be executed under asm_pwn privilege. make connection to challenge (nc 0 9026) then get the flag. (file name of the flag is same as the one in this directory)
The directory really does contain a file with an awfully long name.
It's time to run the binary:
Our input should be x64 shellcode that uses only open, read and write to print the flag. A peek at the source code shows there aren't any shenanigans; that really is all we need to do.
The source also contains shellcode that our shellcode gets concatenated to. Let's decode it:
It zeros the registers. That's actually quite nice of pwnable's side, thanks ^_^
It's time to write some pure assembly! Using this wonderful table we created assembly that opens the flag file, reads it and outputs to stdout.
You may be asking yourself "what's that address that is assigned to rsi and rdi?" We concatenate the flag file name to the end of the shellcode, and that's its address. We also read the flag to the same location. The final shellcode:
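Separately from the shellcode itself, the same open/read/write sequence can be written in C to show why one buffer can serve as both the file name and the read destination. This is an added illustration, not code from the write-up or the challenge; `raw_open`, `dump_file`, `demo`, the `/tmp` path and the sample content are all constructed for the example.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Raw open(path, O_RDONLY); openat fallback for ABIs without SYS_open. */
static long raw_open(const char *path)
{
#ifdef SYS_open
    return syscall(SYS_open, path, O_RDONLY, 0);
#else
    return syscall(SYS_openat, AT_FDCWD, path, O_RDONLY, 0);
#endif
}

/* buf holds the NUL-terminated file name on entry and is reused as the read
 * destination: the one address the page puts in rdi (open) and rsi (read).
 * Returns bytes copied to out_fd, or -1 on error. */
long dump_file(char *buf, size_t cap, int out_fd)
{
    long fd = raw_open(buf);  /* kernel copies the path during open ... */
    if (fd < 0) return -1;
    long n = syscall(SYS_read, fd, buf, cap);  /* ... so this overwrite is safe */
    close((int)fd);  /* hygiene; not one of the three calls the challenge allows */
    for (long off = 0; off < n; ) {  /* write may be partial */
        long w = syscall(SYS_write, out_fd, buf + off, (size_t)(n - off));
        if (w <= 0) return -1;
        off += w;
    }
    return n < 0 ? -1 : n;
}

/* Constructed demo: create a stand-in "flag" file and dump it to out_fd. */
long demo(int out_fd)
{
    char buf[128] = "/tmp/asm_demo_XXXXXX", path[128];
    const char sample[] = "constructed-flag\n";
    int tfd = mkstemp(buf);
    if (tfd < 0) return -1;
    int ok = write(tfd, sample, sizeof sample - 1) == (ssize_t)(sizeof sample - 1);
    close(tfd);
    strcpy(path, buf);  /* keep the name; buf is about to be overwritten */
    long n = ok ? dump_file(buf, sizeof buf, out_fd) : -1;
    unlink(path);
    return n;
}

int main(void) { return demo(STDOUT_FILENO) == 17 ? 0 : 1; }
```

The buffer must be at least as large as the file content you expect back, since the single read call is capped at the buffer size.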