Exploit Dev — ret2libc
NX kills shellcode on the stack, so stop injecting code and reuse code that is already there. libc is mapped into every process, is executable, and is full of useful functions, including system() and the string "/bin/sh". We build a ret2libc chain (pop rdi for the argument, an alignment ret, then system) that calls system("/bin/sh") without running a single new instruction. We fix the movaps alignment crash, meet one_gadget, and see why a real
Members Only Content
This article is exclusively available to premium members of LazyHackers. Log in or subscribe to read.