How do I provide stdin inputs from command line?

I am trying to perform a buffer overflow attack on a program for a class assignment. Both the attack program and the vulnerable programme are written by me.

The vulnerable code uses scanf to read data from stdin.

./vulnerable < malicious_payload_file.txt works fine. more malicious_payload | ./vulnerable and echo JUNK_JUNK_JUNK_JUNK | ./vulnerable also works as expected.

However, I would like to use the attack programme to keep supplying incrementally longer payloads till the programme crashes. So, I need to dynamically generate larger payloads of junk. I am using system ("./vulnerable"); to repeatedly call and test for an abnormal exit.

How do I specify such a payload?

Is there a way to run ./vulnerable < malicious_payload_binary or in some manner such that I do not have to put the malicious payload in a file, but can specify it in the command line?


How about this?

echo "your payload goes here" | ./vulnerable

You can replace the echo command with any command that generates the input to ./vulnerable you want. One such example is a constant flow of junk as input; you can do this:

cat /dev/urandom | ./vulnerable


Rather than trying to use the command line, you might try using popen instead of system:

FILE *fp = popen("./vulnerable", "w");
// write stuff to fp -- it goes to vulnerable's stdin
int exitcode = pclose(fp);

The exitcode you get from pclose is the same as what you would have got from system, had you used another process to create the data and piped it via the shell to ./vulnerable.


Try piping instead of redirecting:

./malicious_payload_binary | ./vulnerable


EDIT: I think I finally understand your question (maybe): you want to read command line arguments? Something like

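#include <stdio.h>

int main(int argc, char *argv[])
{
    printf("the name of this program is %s\n", argv[0]);
    printf("%d command line arguments were provided\n", argc);
    if (argc < 2) {
        // argv[1] is NULL when no file name was given
        fprintf(stderr, "usage: %s <input file>\n", argv[0]);
        return 1;
    }
    printf("the input file is %s\n", argv[1]);
    // could do something like: fopen(argv[1], "r") here
    return 0;
}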

If you compile it to a binary named stdintest and run it like so:

./stdintest somefile.txt

it will output:

the name of this program is ./stdintest
2 command line arguments were provided
the input file is somefile.txt

OLD:

As dolphy mentioned, just write to stdout in malicious_payload_binary, read from stdin in vulnerable, and connect them with a pipe: ./malicious_payload_binary | ./vulnerable
