Diffstat (limited to 'slides/2018-software-security/demo/cmd_complex')
-rw-r--r--slides/2018-software-security/demo/cmd_complex17
1 files changed, 17 insertions, 0 deletions
diff --git a/slides/2018-software-security/demo/cmd_complex b/slides/2018-software-security/demo/cmd_complex
new file mode 100644
index 0000000..b8bc8e4
--- /dev/null
+++ b/slides/2018-software-security/demo/cmd_complex
@@ -0,0 +1,17 @@
+# compile
+gcc -Wall -Werror -std=c99 -ggdb -fno-stack-protector -m32 -o complex complex.c
+
+# want
+ptr to "/bin/bash" <-- will becomes system's first args
+dummy RA <-- will becomes sytem's RA
+ptr to system <-- RA
+...
+
+# find /bin/bash
+x/500s $rsp
+
+# find system
+p system
+
+# run with args
+run `python -c 'print "some stuff"'`
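Review bot: The compile line builds a 32-bit binary with `-m32`, but the "find /bin/bash" step inspects `$rsp`, the 64-bit stack pointer name, which gdb does not define for a 32-bit inferior; `x/500s $sp` (or `$esp`) would match the build. The compile step should also say that the hardening is switched off on purpose, for example `# demo build only: -fno-stack-protector removes the stack canary`, so the flags are not copied into a real build. In the "# want" block, "sytem's" and "will becomes" are typos. The `print "some stuff"` form in the last line only parses under Python 2, so the notes should name the interpreter version they expect.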