.text
.globl _start

_start:
    jmp indirect

p:
    xor %rdi, %rdi
    pop %rdi
    push $0xfffffffffffffe4b
    xor %rsi, %rsi
    pop %rsi
    neg %rsi
    add $1, %rsi
    push $85
    pop %rax
    syscall

    xorq %rax, %rax
    xorq %rdi, %rdi
	push $42
    pop %rdi
	push $61
    pop %rax
    lea -1(%rax), %rax
	syscall

indirect:
    call p
	.ascii "/tmp/pwn"