#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

/* Exploitable stuff: intentionally vulnerable demo code */
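/*
 * Print a marker message showing that execution reached this function.
 *
 * No call to bar() appears in the visible source; function() only prints
 * its address.
 *
 * Returns 0 always. The original declared an int return type but fell off
 * the end of the body, which is undefined behaviour as soon as a caller
 * uses the result.
 */
int bar(void) {
    printf("Exploit successfull!\n");
    return 0;
}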

/*
 * Intentionally vulnerable routine: reads one line from stdin into buffer2,
 * copies it without a length check into the smaller buffer1, then prints a
 * few addresses for inspection.
 *
 * Defect on display (CWE-121, stack-based buffer overflow): fgets() accepts
 * up to 178 characters plus the terminator, but buffer1 holds only 140
 * bytes, so strcpy() can write up to 39 bytes past the end of buffer1.
 * What those bytes overwrite depends on the compiler, ABI and build flags.
 *
 * Reviewer notes for anyone reusing this pattern in real code:
 *   - a bounded copy such as snprintf(buffer1, sizeof buffer1, "%s", buffer2)
 *     removes the overflow;
 *   - hardening options such as -fstack-protector-strong and
 *     -D_FORTIFY_SOURCE=2 are designed to detect this class of overwrite;
 *   - printing code and stack addresses, as done below, is an information
 *     leak that weakens ASLR.
 *
 * Parameters sd_current, b and c are never read in this body.
 */
void function(int sd_current, int b, int c) {
    unsigned char buffer1[140];   // copy destination, 40 bytes smaller than buffer2
    unsigned char buffer2[180];   // holds the input line read from stdin
    int *ret;                     // declared but never used in this body

    // Read buffer 2: at most 178 characters plus the terminating NUL.
    // The return value is not checked; on EOF or error buffer2 stays
    // uninitialised and the strcpy() below reads indeterminate bytes.
    fgets(buffer2, 179, stdin);
    
    //printf("INPUT: %s\n", buffer2);

    // Copy buffer 2 into buffer 1. strcpy() has no length limit, so any
    // input longer than 139 characters writes beyond buffer1.
    strcpy(buffer1, buffer2);

    // Print the return address. This reads an int at offset 148, i.e. 8
    // bytes past the end of the 140-byte buffer1 (an out-of-bounds read).
    // NOTE(review): the author presumably expects the saved return address
    // at this offset; that is a layout assumption, not something the code
    // guarantees.
    printf("Return addresse is set to: \t0x%x\n", *(int *)(buffer1 + 148)); 

    // Print the address of function bar.
    // NOTE(review): %x expects an unsigned int; passing a pointer is a
    // format/argument mismatch and can truncate the value where pointers
    // are wider than int. The same applies to the two printf calls below.
    printf("Function bar is located at: \t0x0%x\n", &bar); 

    // Print the address of system() (the original comment said printf).
    printf("Function system is located at: \t0x0%x\n", &system);

    // Position of buffer1 in memory.
    printf("Shellcode Entrypoint: \t\t0x%x\n", &buffer1);
}

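/*
 * Entry point: runs the demo routine once and exits with status 0.
 */
int main(void) {
    /*
     * Initialised explicitly. The original passed an uninitialised automatic
     * variable, which is an indeterminate-value read; function() does not
     * use the argument, so 0 keeps the observable behaviour the same.
     * The unused local `sd` was dropped.
     */
    int sd_current = 0;

    // Execute Function
    function(sd_current, 2, 3);

    return 0;
}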

// http://www.phrack.org/archives/49/P49-14
// http://www.cert.org/secure-coding/content/t4-seacord-secure-codingv4pdf.pdf
