Tags: binary-exploitation binaryexploitation pwn 


I was given the [binary](https://github.com/mar232320/ctf-writeups/blob/main/nactf/2022/ret2?raw=true) and the [source code](https://github.com/mar232320/ctf-writeups/blob/main/nactf/2022/ret2.c)

My goal was to execute the print_flag() function.

Address of this function was 0x00000000004011f7

The buffer of char input is 16 and char takes 8 bytes itself so the overflow value must be 24. My payload was a*24 + \xf7\[email protected]\x00\x00\x00\x00\x00

Original writeup (https://github.com/mar232320/ctf-writeups/blob/main/nactf/2022/return.md).