aboutsummaryrefslogtreecommitdiff
path: root/slides/2018-software-security/demo
diff options
context:
space:
mode:
Diffstat (limited to 'slides/2018-software-security/demo')
-rw-r--r--slides/2018-software-security/demo/cmd_complex17
-rw-r--r--slides/2018-software-security/demo/cmd_simple28
-rw-r--r--slides/2018-software-security/demo/complex.c13
-rw-r--r--slides/2018-software-security/demo/simple.c22
4 files changed, 80 insertions, 0 deletions
diff --git a/slides/2018-software-security/demo/cmd_complex b/slides/2018-software-security/demo/cmd_complex
new file mode 100644
index 0000000..b8bc8e4
--- /dev/null
+++ b/slides/2018-software-security/demo/cmd_complex
@@ -0,0 +1,17 @@
+# compile
+gcc -Wall -Werror -std=c99 -ggdb -fno-stack-protector -m32 -o complex complex.c
+
+# want
+ptr to "/bin/bash" <-- will becomes system's first args
+dummy RA <-- will becomes sytem's RA
+ptr to system <-- RA
+...
+
+# find /bin/bash
+x/500s $rsp
+
+# find system
+p system
+
+# run with args
+run `python -c 'print "some stuff"'`
diff --git a/slides/2018-software-security/demo/cmd_simple b/slides/2018-software-security/demo/cmd_simple
new file mode 100644
index 0000000..266535e
--- /dev/null
+++ b/slides/2018-software-security/demo/cmd_simple
@@ -0,0 +1,28 @@
+# compile
+gcc -std=c99 -fno-stack-protector -Wno-deprecated-declarations -ggdb -o simple simple.c
+
+# run
+gdb ./simple
+
+# demo commands
+list main
+list greeter
+list fun
+
+disassemble main
+disassemble greeter
+disassemble fun
+
+info register
+
+b main
+b greeter
+b fun
+
+run
+
+# show
+- return address / register values
+- 11a -> "8a"
+- segfault
+- jump fun
diff --git a/slides/2018-software-security/demo/complex.c b/slides/2018-software-security/demo/complex.c
new file mode 100644
index 0000000..ae91ac6
--- /dev/null
+++ b/slides/2018-software-security/demo/complex.c
@@ -0,0 +1,13 @@
+#include <stdio.h>
+#include <string.h>
+
+void f(char *b) {
+ char buf[8];
+ strcpy(buf, b);
+ printf("buf: %s\n", buf);
+}
+
+int main(int argc, char *argv[]) {
+ f(argv[1]);
+ return 0;
+}
diff --git a/slides/2018-software-security/demo/simple.c b/slides/2018-software-security/demo/simple.c
new file mode 100644
index 0000000..cd07c07
--- /dev/null
+++ b/slides/2018-software-security/demo/simple.c
@@ -0,0 +1,22 @@
+#include <stdio.h>
+#include <stdbool.h>
+#include <stdlib.h>
+
+void fun() {
+ printf("fun times!\n");
+}
+
+void mul(int first) {
+ int second = 0;
+ char buf[8] = {1,2,3,4,5,6,7,8};
+ printf("Enter a number: ");
+ gets(buf);
+ second = atoi(buf);
+ printf("%d*%d = %d\n", first, second, first*second);
+}
+
+int main() {
+ int first = 2;
+ mul(first);
+ return 0;
+}
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-26 05:27:42 +0000