# HG changeset patch
# User Christian Urban
# Date 1412642626 -3600
# Node ID ae6074cc446a421037c046a4d9f1c66e1240b825
# Parent 74772c30e0f48a379e2c587af6789109f1751682
updated
diff -r 74772c30e0f4 -r ae6074cc446a progs/shell.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/progs/shell.c Tue Oct 07 01:43:46 2014 +0100
@@ -0,0 +1,8 @@
+#include
+
+int main()
+{ char *name[2];
+ name[0] = "/bin/sh";
+ name[1] = NULL;
+ execve(name[0], name, NULL);
+}
diff -r 74772c30e0f4 -r ae6074cc446a slides/slides03.pdf
Binary file slides/slides03.pdf has changed
diff -r 74772c30e0f4 -r ae6074cc446a slides/slides03.tex
--- a/slides/slides03.tex Tue Oct 07 00:52:18 2014 +0100
+++ b/slides/slides03.tex Tue Oct 07 01:43:46 2014 +0100
@@ -396,8 +396,24 @@
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[t]
+\frametitle{Starting A Shell}
+
+\small
+\lstinputlisting[language=C,numbers=none,xleftmargin=-6mm]{../progs/o1.c}
+
+\begin{textblock}{7}(5,7.5)
+\begin{bubble}[7cm]
+\lstinputlisting[language=C,numbers=none,xleftmargin=-0mm]{../progs/shell.c}
+\end{bubble}
+\end{textblock}
+
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \begin{frame}[c]
-\frametitle{Payloads (2)}
+\frametitle{Avoiding \texttt{$\backslash$x00}}
 \begin{itemize}
 \item another difficulty is that the code is not allowed to contain \texttt{$\backslash$x00}:
@@ -415,6 +431,17 @@
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \begin{frame}[c]
+\frametitle{Overflow.c}
+
+\lstinputlisting[language=C,numbers=none]{../progs/overflow.c}
+
+
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
 \frametitle{Variants}
 There are many variants:
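Review bot: The execve call on the second-to-last line of progs/shell.c is unchecked; execve only returns when it fails, so a failed exec drops out of main() with no diagnostic and an indeterminate exit status, and the `#include` line carries no header name in this rendering (execve is declared in `<unistd.h>`, so the slide's listing will not compile as shown). Suggest following the call with `perror("execve"); return 1;` and writing the prototype as `int main(void)`. Passing `NULL` as the envp argument is also not portable beyond Linux; an empty array such as `char *env[] = { NULL };` is the standard form.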