So i checked the code and tried an address that is close to the given.

I run the server and tried address + 0x20.

It was correct and gave me the flag.


Flag: `bcactf{0nE_two_thR3E_f0ur_567___sT3ps_t0_PwN4G3_70cc0e5edd6ea}`

Original writeup (https://github.com/juke-33/Write-ups/tree/main/BCACTF%205.0/binex/Pwnage).