# compile
gcc -Wall -Werror -std=c99 -ggdb -fno-stack-protector -m32 -o complex complex.c
# want
ptr to "/bin/bash" <-- becomes system's first argument
dummy RA <-- becomes system's RA
ptr to system <-- RA
...
# find /bin/bash
x/500s $esp
# find system
p system
# run with args
run `python -c 'print "some stuff"'`