[sss] [Buffer Overflow]
Lucian Mogosanu
lucian.mogosanu at cs.pub.ro
Fri Jun 30 00:11:42 EEST 2017
Radu Codescu <radu.codescu27 at gmail.com> writes:
> Hi,
>
> I have a question as well. I was trying to solve an exercise related to
> buffer overflow and ran into the following problem.
> The buffer is not read from stdin but is received as a command-line
> argument. The problem is that I have to supply the address of the function,
> which of course is in hex.
> Is there any way to pass, as a command-line argument, a string of the
> form: "AAAAAA" + "\x08\x04\x84\x7b"? Note that I cannot use python or bash
> because I have no rights on that machine.

Hi Radu,

(Switching to English, as per the mailing list etiquette.)

Are you allowed to call echo with the -e flag (-n would also be useful)?

To expand the output of a command to shell input (e.g. a command-line
argument) you can use command substitution [1]. For example:

$ ./my_executable $(cat /etc/issue)

calls "cat /etc/issue" and replaces the command substitution expression
with its output, e.g. (approximate expansion, not entirely accurate):

$ ./my_executable "Debian GNU/Linux 9 \n \l"

You might want to do something along the lines of:

$ ./my_executable $(echo -en "\xde\xad\xbe\xef")

[1]: http://tldp.org/LDP/abs/html/commandsub.html

Lucian
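
Added example, not part of the original message: a script showing what actually arrives in argv when raw bytes go through command substitution, quoted and unquoted. show_args is a hypothetical stand-in for ./my_executable, and all byte strings are constructed sample data.

```shell
#!/bin/sh
# Added example: what a program actually receives in argv when raw bytes
# are passed through command substitution. All byte strings are constructed.
LC_ALL=C; export LC_ALL   # handle data byte-wise, independent of the locale

# Hypothetical stand-in for ./my_executable: prints "<argc>:<bytes in argv[1]>".
show_args() {
    printf '%s:%s\n' "$#" "$(printf '%s' "$1" | wc -c | tr -d ' ')"
}

# printf with octal escapes is specified by POSIX; "echo -e" and "\x" escapes
# are extensions that not every shell or echo implementation supports.
bytes_plain()   { printf '\336\255\276\357'; }        # de ad be ef
bytes_space()   { printf '\336\255\040\276\357'; }    # de ad 20 be ef
bytes_newline() { printf '\336\255\276\357\n\n'; }    # de ad be ef 0a 0a

# Unquoted substitution: the result is split on IFS (space, tab, newline).
unquoted_plain() { show_args $(bytes_plain); }
unquoted_space() { show_args $(bytes_space); }

# Quoted substitution: one argument, embedded whitespace preserved.
quoted_space()   { show_args "$(bytes_space)"; }

# Trailing newlines are always stripped, quoted or not.
quoted_newline() { show_args "$(bytes_newline)"; }

unquoted_plain    # 1:4
unquoted_space    # 2:2  (argument was cut at the 0x20 byte)
quoted_space      # 1:5
quoted_newline    # 1:4  (the two 0x0a bytes are gone)
```

A 0x00 byte can never be part of an argument, because argv strings are NUL-terminated. Unquoted results are also subject to pathname expansion, so quoting the substitution is the safer default.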