--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/progs/shell.c Tue Oct 07 01:43:46 2014 +0100
@@ -0,0 +1,8 @@
+#include <stdio.h>
+
+int main()
+{ char *name[2];
+ name[0] = "/bin/sh";
+ name[1] = NULL;
+ execve(name[0], name, NULL);
+}
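Review bot: `execve` is called in `main` with no declaration in scope, because the file includes only `<stdio.h>` while the prototype lives in `<unistd.h>`; C99 and later compilers warn about or reject the implicit declaration, so add `#include <unistd.h>`. The call's result is also ignored: `execve` returns only on failure, and `main` then falls off the end without any diagnostic, so `perror("execve"); return 1;` after the call would make a failed demonstration visible. Passing `NULL` as the third argument is accepted on Linux but is documented as non-portable, so a short comment such as `/* NULL envp: Linux-specific, not portable */` would help anyone compiling the listing elsewhere.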
Binary file slides/slides03.pdf has changed
--- a/slides/slides03.tex Tue Oct 07 00:52:18 2014 +0100
+++ b/slides/slides03.tex Tue Oct 07 01:43:46 2014 +0100
@@ -396,8 +396,24 @@
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[t]
+\frametitle{Starting A Shell}
+
+\small
+\lstinputlisting[language=C,numbers=none,xleftmargin=-6mm]{../progs/o1.c}
+
+\begin{textblock}{7}(5,7.5)
+\begin{bubble}[7cm]
+\lstinputlisting[language=C,numbers=none,xleftmargin=-0mm]{../progs/shell.c}
+\end{bubble}
+\end{textblock}
+
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
-\frametitle{Payloads (2)}
+\frametitle{Avoiding \texttt{$\backslash$x00}}
\begin{itemize}
\item another difficulty is that the code is not allowed to contain \texttt{$\backslash$x00}:
@@ -415,6 +431,17 @@
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
+\frametitle{Overflow.c}
+
+\lstinputlisting[language=C,numbers=none]{../progs/overflow.c}
+
+
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
\frametitle{Variants}
There are many variants: