Arch: amd64-64-little RELRO: Partial RELRO Stack: No canary found NX: NX enabled PIE: No PIE (0x400000)
0x2 Vulnerability
basically, the main function ask us to enter a shellcode, then it will execute this shellcode. however the shellcode must satisfy a parity.
according to the program, the last bit of each byte in the shell must equal 0 or 1 depending on the index.
More specifically, for nth byte in the shell code, if the n is even, this byte must be even, if the n is odd, this byte must be odd.
It is not possible to construct syscall('/bin/sh') shellcode that satisfy this parity. But we can call read in our shellcode and then write syscall('/bin/sh') shellcode using read function.
construct a shellcode satisfy parity that calls read,