[VXCTF2017] EasyPWN1


It seems the not_called function is never executed, so my idea is to overwrite the return address of main with the address of the not_called function.

Generate pattern
pattern create 200 > input
r < input

Find the padding offset using the pattern

There are two ways to find the offset:
x/wx $rsp
pattern offset 0x41514141
or pattern search

Find not_called address:

Final solution script


