dubblesort — pwnable.tw

###gathering

main
set_buf()
sort()
checksec(full mode)
file

###exploit

0x1b0000
system = libc_base + 0x3a940
bin_sh = libc_base + 0x158e8b

a loner