# Loopy #0

## Problem

> This program is quite short, but has got `printf` and `gets` in it! This *shouldn't* be too hard, right?

Connect at `nc shell.2019.nactf.com 31283`

[loopy-0](loopy-0)

[loopy-0.c](loopy-0.c)

[libc.so.6](libc.so.6)

## Solution

This challenge is called `Loopy` because we need to call `vuln()` twice. The first time, we leak the [Global Offset Table (GOT)](http://bottomupcs.sourceforge.net/csbu/x3824.htm) value of `printf()`. The second time, we use that knowledge to call `system("/bin/sh")`.

[Python script](solver.py)

Original writeup (https://github.com/SababaSec/ctf-writeups/tree/master/2019/NACTF/Binary%20Exploitation/Loopy%20%230).