I couldn't find enough time to finish that challenge yesterday. Turns out my chickens did escape. Good news, they came back on their own this morning, hence the extra time for this challenge.
Stuff I learned:

- gef is excellent (https://github.com/hugsy/gef); it gives a proper view of what's going on.
- gdb's `ni` (`nexti`) is the instruction I needed. `step`/`stepi`, `next`/`nexti` and some breakpoints are all I needed.
- `hexdump byte $esp`: hmmm, that gef function is really missing from standard gdb.
- `info proc mappings` lists the mapped address space.
- `x/8x printf` gives the printf address as a side effect, lol.
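To see those commands in one place without gef, here is an added example (not from the original post) that scripts a plain gdb session against a small constructed C program: it breaks at `main`, dumps bytes at the stack pointer (the plain-gdb stand-in for gef's `hexdump byte`), lists the mappings with `info proc mappings`, resolves printf with `x/8x printf`, and single-steps with `stepi`/`nexti`. It assumes Linux with gcc and gdb on PATH and ptrace permitted; the target program, the `$sp` register name (architecture-neutral, so it works on 32- and 64-bit targets) and the helper names are my own.

```shell
#!/bin/sh
# Added example, not code from the original post. Assumes Linux, gcc and gdb on PATH,
# and that the debuggee may be ptraced. No gef required.
set -eu

WORKDIR="$(mktemp -d)"
trap 'rm -rf "$WORKDIR"' EXIT

# Constructed target: calls printf so libc's printf is linked and reachable,
# and keeps a small buffer on the stack so the stack dump shows real data.
write_target() {
    cat > "$WORKDIR/target.c" <<'EOF'
#include <stdio.h>

int main(void)
{
    char name[16] = "chickens";
    printf("hello, %s\n", name);
    return 0;
}
EOF
    gcc -g -O0 -o "$WORKDIR/target" "$WORKDIR/target.c"
}

# gdb command file: break at main, run, then the inspection commands from the post.
# $sp is used instead of $esp so the same script works on 32- and 64-bit targets.
write_commands() {
    cat > "$WORKDIR/cmds.gdb" <<'EOF'
set pagination off
break main
run
# plain-gdb stand-in for gef's "hexdump byte $esp": 32 bytes at the stack pointer
x/32xb $sp
# mapped address space of the debuggee (binary, libc, heap, stack, ...)
info proc mappings
# examining memory at printf also prints printf's runtime address (the side effect)
x/8x printf
# execute exactly one instruction, then one more stepping over any call
stepi
nexti
info registers pc
continue
EOF
}

# Compile the target and run the whole scripted session; prints gdb's output.
run_gdb_session() {
    write_target
    write_commands
    gdb -q -batch -x "$WORKDIR/cmds.gdb" "$WORKDIR/target"
}

# Extract printf's runtime address from session output fed on stdin: it is the
# first field of the line gdb prints for "x/8x printf", e.g. "0x7f... <printf>:".
printf_address() {
    awk '/<[_A-Za-z]*printf(@plt)?>:/ { print $1; exit }'
}

# Stand-alone use: ./session.sh --run  (prints the session, then printf's address)
if [ "${1:-}" = "--run" ]; then
    out="$(run_gdb_session)"
    printf '%s\n' "$out"
    printf 'printf is at: %s\n' "$(printf '%s\n' "$out" | printf_address)"
fi
```

The interesting check is the last one: the address `x/8x printf` prints should fall inside one of the libc regions listed by `info proc mappings`, which is exactly how you confirm that a symbol you are about to rely on lives where you think it does.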
That one was cool. Looks like we're going to overwrite some bytes next. Gotta do that tomorrow.