Untitled

The challenge is a binary named “Mirror”.

Running checksec:

user@user-virtual-machine:~$ checksec --file=Mirror
RELRO           STACK CANARY      NX            PIE             RPATH      RUNPATH	Symbols		FORTIFY	Fortified	Fortifiable  FILE
No RELRO        No canary found   NX enabled    No PIE          No RPATH   No RUNPATH   16 Symbols     No	0		0	Mirror

Opening the binary in IDA shows only 4 functions:

Since the whole program issues syscalls directly instead of calling libc, no libraries need to be imported, so we do not have the option to use a ROP chain.

The entry point “_start” calls the “mirror” function.

The mirror function reads a buffer from stdin onto the stack using the first syscall, and then writes that buffer to stdout using the write syscall.

There is a stack overflow here since the size of the read buffer is not checked, so we can easily overwrite the return address. (The stack frame is 0x10 bytes, so anything over 0x10 bytes overflows into the return address.)
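
The unchecked read described above next to a bounded version, as an added example in C that is not code from the challenge binary. The function names, the `req` length parameter and the pipe-based demo are assumptions made for illustration; only the 0x10-byte frame size comes from the write-up.

```c
#include <errno.h>
#include <string.h>
#include <unistd.h>
#define FRAME_SIZE 0x10 /* stack frame size stated in the write-up */

/* The flaw the page describes, modelled in C (the original is raw-syscall
 * code): req reaches read(2) unclamped, so req > FRAME_SIZE overruns buf.
 * Kept for comparison only; never called here. */
ssize_t mirror_unchecked(int in_fd, int out_fd, size_t req)
{
    char buf[FRAME_SIZE];
    ssize_t n = read(in_fd, buf, req); /* BUG: length not bounded by buf */
    return n > 0 ? write(out_fd, buf, (size_t)n) : n;
}

/* Hardened form: clamp the length to the buffer, retry on EINTR, finish
 * short writes. Returns the number of bytes echoed, or -1 on error. */
ssize_t mirror_checked(int in_fd, int out_fd, size_t req)
{
    char buf[FRAME_SIZE];
    size_t off = 0, want = req < sizeof buf ? req : sizeof buf;
    ssize_t n, w;
    do { n = read(in_fd, buf, want); } while (n < 0 && errno == EINTR);
    while (n > 0 && off < (size_t)n) {
        w = write(out_fd, buf + off, (size_t)n - off);
        if (w < 0 && errno != EINTR) return -1;
        if (w > 0) off += (size_t)w;
    }
    return n;
}

/* Constructed demo: queue input_len bytes on a pipe, mirror them with the
 * hardened function, and return the echoed count (-1 on any mismatch). */
ssize_t demo_echoed(size_t input_len, size_t req)
{
    char in[64], out[64];
    int a[2], b[2];
    ssize_t n;
    if (input_len > sizeof in || pipe(a) != 0 || pipe(b) != 0) return -1;
    memset(in, 'A', input_len);
    if (write(a[1], in, input_len) != (ssize_t)input_len) return -1;
    close(a[1]);
    n = mirror_checked(a[0], b[1], req);
    close(b[1]);
    if (n >= 0 && read(b[0], out, sizeof out) != n) n = -1;
    close(a[0]); close(b[0]);
    return n;
}

int main(void) { return demo_echoed(64, 0x100) == FRAME_SIZE ? 0 : 1; }
```

With 64 bytes queued and a 0x100-byte request, the bounded version consumes only 0x10 bytes per call, so input never reaches past the frame.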