Formatting issues
Anirudh icyph0x@pm.me
Thu, 06 Jun 2019 20:26:01 +0530
2 files changed, 10 insertions(+), 6 deletions(-)
M build/blog/rop-on-arm/index.html → build/blog/rop-on-arm/index.html
@@ -181,11 +181,14 @@ <p>So that didn’t do much, just prints out a string “Nothing much here...”.
But it <em>does</em> however, contain <code>system()</code>. Which somehow needs to be populated with an argument to do what we want (run a command, execute a shell, etc.).</p> -<p>To do that, we’ll follow a multi-step process: -1. Jump to the address of <code>gadget</code>, again the 2nd instruction. This will <code>pop</code> <code>r0</code> and <code>pc</code>. -2. Push our command to be executed, say “<code>/bin/sh</code>” onto the stack. This will go into -<code>r0</code>. -3. Then, push the address of <code>system()</code>. And this will go into <code>pc</code>.</p> +<p>To do that, we’ll follow a multi-step process: </p> + +<ol> +<li>Jump to the address of <code>gadget</code>, again the 2nd instruction. This will <code>pop</code> <code>r0</code> and <code>pc</code>.</li> +<li>Push our command to be executed, say “<code>/bin/sh</code>” onto the stack. This will go into +<code>r0</code>.</li> +<li>Then, push the address of <code>system()</code>. And this will go into <code>pc</code>.</li> +</ol> <p>The pseudo-code is something like this:</p>
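Review bot: the built output under build/ is being patched by hand here while the same fix goes into pages/blog/rop-on-arm.md in this commit; regenerate build/blog/rop-on-arm/index.html from the Markdown source instead, otherwise the two will drift on the next build. Two smaller things in the added lines: `<p>To do that, we’ll follow a multi-step process: </p>` keeps a trailing space before `</p>`, and the second `<li>` still carries the old mid-sentence line break (`This will go into` / `<code>r0</code>`), which could be joined. On wording, step 2 says the command “/bin/sh” itself goes into r0, but the gadget's pop of r0 and pc loads the word on the stack, so it is the address of the string that lands in r0; "push the address of our command" would be more accurate.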
M pages/blog/rop-on-arm.md → pages/blog/rop-on-arm.md
@@ -152,7 +152,8 @@ So that didn’t do much, just prints out a string “Nothing much here...”.
But it _does_ however, contain `system()`. Which somehow needs to be populated with an argument to do what we want (run a command, execute a shell, etc.). -To do that, we’ll follow a multi-step process: +To do that, we’ll follow a multi-step process: + 1. Jump to the address of `gadget`, again the 2nd instruction. This will `pop` `r0` and `pc`. 2. Push our command to be executed, say “`/bin/sh`” onto the stack. This will go into `r0`.
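Review bot: the added blank line after `To do that, we’ll follow a multi-step process:` is the right fix, since the generator was treating the `1.`/`2.`/`3.` lines as a continuation of that paragraph (the removed HTML in the other file shows them rendered inline), but the trailing space after the colon survives into the new line and should be stripped. The context also shows item 2 split across two lines (`This will go into` / `` `r0` ``); joining it keeps the source and the rendered list item in step.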