docs

Dockerfile

@@ -4,7 +4,6 @@ RUN mkdir /lab
 
 RUN bash -c "chmod +rwx /lab"
 
-COPY Makefile /lab/Makefile
 COPY bof.elf /lab/bof.elf
 COPY bof.s /lab/bof.s
 
@@ -15,6 +14,7 @@ RUN DEBIAN_FRONTEND=noninteractive apt install --yes curl sudo openssh-server ra
 RUN curl https://gist.githubusercontent.com/bfu4/c8d252f36c9aeb30d98a133e1cf922e3/raw/ae93e86e910deef429716daf325552f1d74bb82b/iuadd --output /usr/local/bin/iuadd
 RUN chmod +x /usr/local/bin/iuadd
 
+RUN cd lab
 
 EXPOSE 22/tcp
 

bof.s

@@ -46,7 +46,7 @@
 #   |---|---|---|---|---|---|---|---|----|----|----|----|----|----|----|----|					#
 #   | / | / | / | / | / | / | / | / | 61 | 61 | 61 | 61 | 61 | 61 | 61 | 61 |					#
 #   |---|---|---|---|---|---|---|---|----|----|----|----|----|----|----|----|					#
-#   | x | x | x | x | x | x | x | x | 6a | 11 | 40 | 00 | <-- saved bp (1)  |					#
+#   | x | x | x | x | x | x | x | x | 63 | 10 | 40 | 00 | <-- saved bp (1)  |					#
 #   |___|___|___|___|___|___|___|___|____|____|____|____|___________________|					#
 #														#
 #    Since we don't really care what is in the memory where the x's are, we can put anything there. We want	#
@@ -55,9 +55,9 @@
 #    follow that format. Instead of writing {0x40, 0x10, 0x47} to stdin, we will write {0x47, 0x10, 0x40} to	#
 #    be able to write 0x401047 (the address we want to jump to).						#
 #
-#    This allows us to craft the final payload: "aaaaaaaaaaaaaaaa\x47\x11\x40".					#
+#    This allows us to craft the final payload: "aaaaaaaaaaaaaaaa\x47\x10\x40".					#
 #---------------------------------------------------------------------------------------------------------------#
-#    Execution: bash -c 'printf "aaaaaaaaaaaaaaaa\x47\x11\x40" | ./bof.elf'					#
+#    Execution: bash -c 'printf "aaaaaaaaaaaaaaaa\x47\x10\x40" | ./bof.elf'					#
 #---------------------------------------------------------------#-----------------------------------------------#
 		nop						# 						#
 		leave						#		 END OF FUNCTION		#

docs/commands.txt

@@ -0,0 +1,42 @@
+= PROGRAMS
+
++-------------------------------------------------------------------------------+
+| program	| flags		| args		| description			|
++---------------|---------------|---------------|-------------------------------+
+| rabin2	| -Ss		| ./bof.elf	| get symbol information	|
+|		|		|		| like function addresses	|
++---------------|---------------|---------------|-------------------------------+
+| r2		| -wAAf		| ./bof.elf	| analyze a binary (static)	|
++---------------|---------------|---------------|-------------------------------+
+| cat		|		| ./bof.s	| read the contents of the 	|
+|		|		|		| source file			|
++---------------|---------------|---------------|-------------------------------+
+| objdump	| -d		| ./bof.elf	| disassemble a binary		|
++---------------|---------------|---------------|-------------------------------+
+| grep		| -e		|  string	| grab text where a string 	|
+|		|		|		| occurs, non case sensitive	|
++---------------|---------------|---------------|-------------------------------|
+| curl		| 		| url		| get an http response from 	|
+|		|		|		| from the provided url and	|
+|		|		|		| output to stdout or a file	|
+|		|		|		| via the --output=file flag	|
++---------------|---------------|---------------|-------------------------------+
+| printf	|		| string	| print the provided string	|
++---------------|---------------|---------------|-------------------------------+
+| chmod		| +x		| ./bof.elf	| add execute permission	|
++---------------|---------------|---------------|-------------------------------|
+| lldb		| 		| ./bof.elf	| execute the program to debug	|
++-------------------------------------------------------------------------------+
+
+= UTILITIES
+
++-------------------------------------------------------------------------------+
+| characters (s)	| format		| use case			|
++-----------------------|-----------------------|-------------------------------+
+| | (pipe)		| cmd1 | cmd2		| "pipe" the output from cmd1 	|
+|			|			| into input for cmd2		|
++-----------------------|-----------------------|-------------------------------+
+| ./			| ./<file>		| execute a LOCAL (accessable 	|
+|			|			| from the current working	|
+|			|			| directory) file.		|
++-------------------------------------------------------------------------------+

docs/help.txt

@@ -0,0 +1,21 @@
+= HELP
+
+Feeling stuck? There's actually a cheatsheet!
+
+
+Command Cheatsheet: <url-here>
+Binary Source Code: <url-here>
+
+To get the files, run:
+
+curl <url> --output <name-your-file-here>
+
+For example:
+
++-------------------------------------------------------+
+| curl <url>/bof.s --output ./bof.s			|
+|							|
+| and							|
+|							|
+| curl <url>/cheatsheet.txt --output ./cheatsheet.txt	|
++-------------------------------------------------------+