Guess the Number 2 — ROP Chain GOT Overwrite via gets
Build a ROP chain that calls gets twice to plant arbitrary data in the GOT, redirect strcspn to a shellcode stub, then trigger the win print path.
Build a ROP chain that calls gets twice to plant arbitrary data in the GOT, redirect strcspn to a shellcode stub, then trigger the win print path.