! [] (https://dreamhack-media.s3.amazonaws.com/attachments/deb1d7cd3fe37d1513340738698ff22654a3d64d7d961e07633bd4aac6343236.png) ###1. Exploit code 1-1. local from pwn import* libc_start_main_

! [image.png] (https://dreamhack-media.s3.amazonaws.com/attachments/98dd88d779db4f5584ec27e86cb7615d4c09ab186fb38b68277e40a2434ae870.png) When running locally, the free (): invalid pointer does not occur, but the server has this error

$ nc host3.dreamhack.games 15557 [1] Stack buffer overflow Buf: 11 Buf: 11 [2] Arbitary-Address-Write To write: 22 With: 33 [0x16] = 33 44 55 66 $ Server behavior is strange. When testing, unlike the problem, the following code doesn't work.

! [image.png] (https://dreamhack-media.s3.amazonaws.com/attachments/aff955632412473829dc8309045ef82efec9cf535835e97d97e363d2b8d231f5.png) ! [image.png] (https://dreamhack-media.s3.amazonaws.com/attachmen

I'm trying to follow Hook Overwrite through Exploit Test. I even got the flag value from local, but the actual server didn't show the flag value. Can I figure out what the problem is? Code #! /usr/bin/python 3 from pwn import* p = remote (“host1.dreamhack.games”, 17917) #p

If you check gdb, I see that it looks like libc_start_main+231. Is 231 the same for all systems?

If you don't even have a Docker file, is the only way to take a picture? I solved it, but I had some trouble experimenting locally...

libc.symbols ['__libc_start_main'] + 231 I don't understand this part If you take a picture of the stack in the fho executable gdb, the address value printed on ret If you check the address value, it says __libc_start_main + 205, why is 231 the answer?

Isn't the library given in the problem file a library used in a server environment? Looking at the questions, it seems that many people are struggling because the server and local library are different, but I wonder if the given library file is used by the server...! I'm curious, so I'm asking!! If that's not the case, why are you giving away library files? Also, the executable file given in the problem file is compiled on a server-based basis

Currently, I was given a libc file in the question, and I was able to find out the version through this, and I didn't need to use Docker, but is the Docker file used when it doesn't provide such a file?