By placing a magic_gadget address at a specific offset (+0x60), the program was forced to execute the desired shellcode or function when it attempted to traverse to the "next" turtle.

Execution & Debugging

A 64-byte (0x40) buffer of null bytes provided a safe landing zone for the program's internal processing.
The core of this stage involved crafting a precision payload that aligned with the program's expectations of the turtle structure while redirecting the instruction pointer.
Using the leak obtained previously, the payload had to account for specific register offsets.

Payload Structure:

The payload specifically targeted RDX and RAX to set up the final call.