Same thing as Pwn intended 0x2, but this time our destination isn’t as visible.
Start by analyzing the binary.
Nothing interesting in main. We did notice sym.flag, so let’s check that out.
That’s what we want. So it looks like we’ll want to jump to 0x004011ce.
Same as 0x2, find your padding using python and dmesg.
We can see that our input starts leaking into the instruction pointer at byte 41, so we’ll use 40 bytes for padding.
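The padding check described above can be scripted as crash triage over the dmesg output. This is an added example, not code from the original post. The dmesg lines, the process name `chall`, the pids and the addresses are constructed placeholders, and the helper names are hypothetical.

```python
import re

# Constructed sample data: (number of "A" bytes sent, dmesg line for that run).
# An empty string stands for a run that left no segfault record.
SAMPLE_RUNS = [
    (36, ""),
    (41, "[  101.200000] chall[2002]: segfault at 7f3b5c020041 "
         "ip 00007f3b5c020041 sp 00007ffe2d4c1a90 error 14"),
    (42, "[  101.300000] chall[2003]: segfault at 7f3b5c004141 "
         "ip 00007f3b5c004141 sp 00007ffe2d4c1a90 error 14"),
    (44, "[  101.400000] chall[2004]: segfault at 7f0041414141 "
         "ip 00007f0041414141 sp 00007ffe2d4c1a90 error 14"),
]

SEGV_IP = re.compile(r"segfault at [0-9a-f]+ ip ([0-9a-f]{16})")


def filler_bytes_in_ip(dmesg_line, filler=0x41):
    """Count how many low-order bytes of the faulting ip equal the filler byte.

    x86-64 is little-endian, so the first input byte that reaches the saved
    return address shows up as the lowest byte of ip.
    """
    m = SEGV_IP.search(dmesg_line)
    if m is None:
        return None  # not a segfault record
    ip = int(m.group(1), 16)
    count = 0
    while count < 8 and (ip >> (8 * count)) & 0xFF == filler:
        count += 1
    return count


def padding_from_runs(runs):
    """Return the padding all crashing runs agree on, or None if they disagree.

    Sending n bytes that put k filler bytes into ip means the saved return
    address starts after n - k bytes of input.
    """
    estimates = set()
    for sent, line in runs:
        k = filler_bytes_in_ip(line)
        if k:  # skip non-crashes and crashes with no filler in ip
            estimates.add(sent - k)
    return estimates.pop() if len(estimates) == 1 else None


if __name__ == "__main__":
    print("padding:", padding_from_runs(SAMPLE_RUNS))
```

Requiring several runs to agree guards against a miscount when a byte of the original return address happens to equal the filler byte.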