ROP is a classic technique for getting around address randomization and non-executable memory. This sequence will teach you the basics. Problem available on the shell machine in /problems/ROP_3_7f3312fe43c46d26 , downloadable here[1] with source here[2]. If you solve the problem you will be able to read the key file by running cat /problems/ROP_3_7f3312fe43c46d26/key on the PicoCTF shell machine Hint: You're going to need to use gdb and search through libc for the address of system, exec, or a similar syscall wrapper. [1]https://2013.picoctf.com/problems/rop3-7f3312fe43c46d26 [2]https://2013.picoctf.com/problems/rop3-7f3312fe43c46d26.c