Tags: binary-exploitation binaryexploitation pwn
I was given the [binary](https://github.com/mar232320/ctf-writeups/blob/main/nactf/2022/ret2?raw=true) and the [source code](https://github.com/mar232320/ctf-writeups/blob/main/nactf/2022/ret2.c)
My goal was to execute the print_flag() function.
Address of this function was 0x00000000004011f7
The buffer of char input is 16 and char takes 8 bytes itself so the overflow value must be 24. My payload was a*24 + \xf7\[email protected]\x00\x00\x00\x00\x00