~fluix/fluix.one

d0e67eeae335bd77f7257e85e86e9de0f01708df — Steven Guikal 1 year, 5 months ago 6c79041
Fix typo
1 files changed, 1 insertions(+), 1 deletions(-)

M content/blog/csictf-2020-pwn-intended.md
M content/blog/csictf-2020-pwn-intended.md => content/blog/csictf-2020-pwn-intended.md +1 -1
@@ 123,7 123,7 @@ The exploit here is quite clear, we need to overwrite the return pointer of the 

[^2]: One can find this out by debugging with [radare](https://www.radare.org/r/) which will was described in [this](https://theavid.dev/dmoj-ctf-20-binexp) blog post. It is *probably* for alignment, but to find out exactly why you'll have to become a [glibc librarian](https://www.gnu.org/software/libc/sources.html).

With that, our explain script, once again using [pwntools](https://github.com/Gallopsled/pwntools/), can be seen below. We use `p64` to convert the 64-bit address to the bytes described above.
With that, our exploit script, once again using [pwntools](https://github.com/Gallopsled/pwntools/), can be seen below. We use `p64` to convert the 64-bit address to the bytes described above.
```py
from pwn import *