authorRasmus Dahlberg <rasmus@rgdd.se>2024-10-15 15:35:20 +0200
committerRasmus Dahlberg <rasmus@rgdd.se>2024-10-15 15:35:45 +0200
commit76bae02bcd7d6b3ec9eea428e5e95da184a8dbfb (patch)
tree410ab71c78c99d35aecd46733958a5699cdf5204 /slides/2018-software-security/demo/cmd_complex
parent883a67439aff566962adafeb0385c6ae972073a3 (diff)
Rescue some slides from old private mono repos
Diffstat (limited to 'slides/2018-software-security/demo/cmd_complex')
-rw-r--r--slides/2018-software-security/demo/cmd_complex17
1 files changed, 17 insertions, 0 deletions
diff --git a/slides/2018-software-security/demo/cmd_complex b/slides/2018-software-security/demo/cmd_complex
new file mode 100644
index 0000000..b8bc8e4
--- /dev/null
+++ b/slides/2018-software-security/demo/cmd_complex
@@ -0,0 +1,17 @@
+# compile
+gcc -Wall -Werror -std=c99 -ggdb -fno-stack-protector -m32 -o complex complex.c
+
+# want
+ptr to "/bin/bash" <-- will becomes system's first args
+dummy RA <-- will becomes sytem's RA
+ptr to system <-- RA
+...
+
+# find /bin/bash
+x/500s $rsp
+
+# find system
+p system
+
+# run with args
+run `python -c 'print "some stuff"'`
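Review bot: The `# find /bin/bash` step inspects `$rsp`, but the compile line builds with `-m32`, so the 64-bit register name does not match the 32-bit process the notes debug; gdb's width-independent alias, `x/500s $sp`, would be consistent with the build. The `# compile` comment should also say why the flags are there, for example `# compile (demo only: -fno-stack-protector turns off the stack canary that is meant to catch an overwritten return address)`, so a reader connects the demo to the mitigation it disables. The `run` line uses the Python 2 print statement and will presumably fail where `python` resolves to Python 3; a short note naming the expected interpreter would avoid that confusion.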