From 6355edc56ac00393a41df52996ea6f24b51411b1 Mon Sep 17 00:00:00 2001
From: Dan Goldsmith
Date: Mon, 23 Jan 2023 10:59:23 +0000
Subject: [PATCH] First Ret2Win Added
---
Week2_IntroToOverflows/Makefile | 13 +++++++++
Week2_IntroToOverflows/ret2winOne.c | 43 +++++++++++++++++++++++++++++
2 files changed, 56 insertions(+)
create mode 100644 Week2_IntroToOverflows/Makefile
create mode 100644 Week2_IntroToOverflows/ret2winOne.c
diff --git a/Week2_IntroToOverflows/Makefile b/Week2_IntroToOverflows/Makefile
new file mode 100644
index 0000000..4f1a855
--- /dev/null
+++ b/Week2_IntroToOverflows/Makefile
@@ -0,0 +1,13 @@
+# Build the first overflow target
+
+CC = gcc
+CFLAGS = -m32 -g -z execstack
+
+
+ret2winOne: ret2winOne.c
+
+ $(CC) $(CFLAGS) ret2winOne.c -o ret2winOne
+
+
+all: ret2winOne
+
diff --git a/Week2_IntroToOverflows/ret2winOne.c b/Week2_IntroToOverflows/ret2winOne.c
new file mode 100644
index 0000000..7b49c59
--- /dev/null
+++ b/Week2_IntroToOverflows/ret2winOne.c
@@ -0,0 +1,43 @@
+#include
+#include
+#include
+#include
+
+int BUFFER=150;
+
+void win(void){
+ /*Win Condition
+ We Want to jump here
+ */
+ printf("\n ===== Win ===== \n\n");
+ system("/bin/sh"); //Tradition to get a shell
+}
+
+void lose(void){
+ /* Lose Condition */
+ printf("Current Memory Address is %p\n",lose);
+ printf("Aim for %p\n", win);
+ printf("Lose :(\n");
+}
+
+int main(int argc, char* argv[]){
+ /* Main Function*/
+
+ //Pointer to the lose function
+ void (*fp)(void) = lose;
+
+ char buffer[BUFFER];
+ printf("Overflow the Buffer\n");
+
+ if (argc != 2){
+ printf("Overflow the buffer\n");
+ printf("Hint! Try `python -c \"print 'A'*100\"`\n");
+ return -1;
+ }
+
+ memcpy(buffer, argv[1], strlen(argv[1]));
+ printf("Off to %p\n",fp);
+ fp();
+
+ return 0;
+}
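Review bot: `CFLAGS = -m32 -g -z execstack` makes the stack executable for a target that, as far as ret2winOne.c in this patch shows, only redirects a call to the existing `win` function, so the flag weakens the binary more than the exercise appears to need. Nothing in the Makefile records why it is there. I would drop it for this target (`CFLAGS = -m32 -g`), or keep it with a comment such as `# Deliberately weakened build for the overflow lab; do not install or run outside an isolated lab environment`. Separately, `all` is not declared phony; adding `.PHONY: all` stops a stray file named `all` from masking the target.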
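Review bot: `memcpy(buffer, argv[1], strlen(argv[1]));` in `main` is the flaw this exercise is built around, but nothing in the file marks it as deliberate, so a reader cannot tell the unbounded length from an oversight. I would add a comment above it such as `/* INTENTIONAL: copy length comes from the caller-supplied argument, not from sizeof buffer (stack-based overflow, CWE-121); training target only */`. A header comment should also state that, because `win` calls `system("/bin/sh")`, the binary must never be installed setuid or wired to a network service. Separately, `lose`, `win` and `fp` are passed to `%p` as function pointers, while `%p` expects `void *`; cast them, e.g. `printf("Off to %p\n", (void *)fp);`.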