Let’s start by looking at the source code of the challenge.
As you can see, there is an additional win() function that we have to call. In main we have a function pointer fp and a buffer. Since the pointer is assigned 0 in the code, no function is called. But what would happen if we assigned win to fp? Then fp(); would call that function.
To do that, we need the address of the win() function. We can find it with either gdb or objdump, but for this task objdump is faster.
Some of the output is omitted for clarity; the important line is 08048424 <win>, so our address is 08048424. Now we have to pass this to the binary, preceded by 64 bytes that fill the buffer.
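As an added example (not the challenge's source and not the author's code), here is the pattern this writeup describes modelled in C: an unbounded copy into a 64-byte buffer that sits directly before a function pointer, beside a bounded copy and the check a hardened main() should make before calling fp. The struct layout, function names and the constructed input are assumptions.

```c
#include <stddef.h>
#include <string.h>

#define BUF_LEN 64

/* Layout assumed from the writeup (constructed, not the challenge's own
 * source): a 64-byte buffer sits right before a function pointer that
 * main() calls if it is non-NULL. A struct makes the adjacency explicit. */
struct frame {
    char buffer[BUF_LEN];
    void (*fp)(void);
};

/* Unbounded copy, as the vulnerable read behaves: every input byte past
 * the buffer lands on whatever follows it, here the function pointer.
 * Clamped to the struct size only so the demo itself stays defined. */
void copy_unbounded(struct frame *f, const unsigned char *in, size_t len) {
    if (len > sizeof *f)
        len = sizeof *f;
    memcpy(f, in, len);
}

/* Bounded copy: never writes past buffer[BUF_LEN-1], always terminates,
 * and reports truncation so the caller can reject oversized input.
 * Returns 1 if the input was truncated, 0 if it fit. */
int copy_bounded(struct frame *f, const unsigned char *in, size_t len) {
    size_t n = len < BUF_LEN - 1 ? len : BUF_LEN - 1;
    memcpy(f->buffer, in, n);
    f->buffer[n] = '\0';
    return len > BUF_LEN - 1;
}

/* Check a hardened main() makes before calling fp: the pointer must still
 * hold the value it was initialised with (0 in the challenge). */
int fp_untouched(const struct frame *f) {
    return f->fp == NULL;
}

/* Constructed oversized input: BUF_LEN filler bytes followed by enough
 * extra bytes to cover the adjacent pointer. Returns bytes written. */
size_t build_oversized(unsigned char *out, size_t cap) {
    size_t want = BUF_LEN + sizeof(void (*)(void));
    if (cap < want)
        return 0;
    memset(out, 'A', BUF_LEN);
    memset(out + BUF_LEN, 'B', sizeof(void (*)(void)));
    return want;
}
```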
If you have any suggestions regarding this post or just want to chat together check out these ways to reach out to me.