Pwn - Intro to Pwning 2

  1. leak the canary and the address of the main function
  2. calc the base of the binary
  3. send 251 * "A" #(258 - len("Expelliarmus"))
  4. send the canary
  5. send 8 * "A"
  6. Send the address of a ret instruction aligning the stack correctly
  7. send the address of the win function
CSCG{NOW_GET_VOLDEMORT}