Pwn - Intro to Pwning 1

  1. leak the return address of main using %47$p (read the 47th element from the stack)
  2. Send "Expelliarmus\0" to get past the password check
  3. Send 258-13+6 * "A"
  4. Send the address of a ret instruction aligning the stack correctly
  5. send the address of the win function
CSCG{NOW_PRACTICE_MORE}