# Fixed addresses (no PIE) pop_rdi = 0x401226 # pop rdi ; ret plt_system = binary.plt['system'] plt_exit = binary.plt['exit'] bss_addr = 0x404050 # writable location in .bss
The binary is a 64‑bit Linux ELF that runs a simple “guess the number” style service. When executed it prints a banner and then asks the user to input a string. The goal is to obtain the flag, which is printed only after a successful exploitation of a hidden code path. ipzz281 full