App - System

I have no idea to set rax to 15, can anyone give me some clues?

I havent solved it yet but I know that there is a syscall that 0 the eax then you can rop

Getting 15 into rax is the gist of this challenge. There are multiple ways. You could try to use the return value of a syscall, look for a fitting rop gadget or a combination of both.

As it is a local exploitation it may also be helpful to modify the way the binary is started...