 

How do I provide stdin inputs from command line?

I am trying to perform a buffer overflow attack on a program for a class assignment. Both the attack program and the vulnerable programme are written by me.

The vulnerable code uses scanf to read data from stdin.

./vulnerable < malicious_payload_file.txt works fine. more malicious_payload | ./vulnerable and echo JUNK_JUNK_JUNK_JUNK | ./vulnerable also work as expected.

However, I would like to use the attack programme to keep supplying incrementally longer payloads till the programme crashes. So, I need to dynamically generate larger payloads of junk. I am using system ("./vulnerable"); to repeatedly call and test for an abnormal exit.

How do I specify such a payload?

Is there a way to run ./vulnerable < malicious_payload_binary or in some manner such that I do not have to put the malicious payload in a file, but can specify it in the command line?

Lord Loh. asked Jul 27 '11 15:07


2 Answers

How about this?

echo "your payload goes here" | ./vulnerable

You can replace the echo command with any command that generates the input to ./vulnerable you want. One such example is a constant flow of junk as input; you can do this:

cat /dev/urandom | ./vulnerable
Susam Pal answered Oct 16 '22 22:10


Rather than trying to use the command line, you might try using popen instead of system:

FILE *fp = popen("./vulnerable", "w");
// write stuff to fp -- it goes to vulnerable's stdin
int exitcode = pclose(fp);

The exitcode you get from pclose is the same as what you would have got from system, had you used another process to create the data and piped it via the shell to ./vulnerable.

Chris Dodd answered Oct 16 '22 22:10
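
A robustness-test harness built on the popen/pclose approach above, as an added example that is not part of either answer: it feeds growing inputs to your own test program's stdin and decodes the wait status to tell a signal death from a normal exit. The names feed_input and find_crash_length are hypothetical, and DEMO_TARGET is a constructed shell stand-in for ./vulnerable so the block runs without the assignment binary.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>

/* Constructed stand-in for ./vulnerable: the shell kills itself with SIGSEGV
 * when the line it reads is 24 bytes or longer. */
static const char DEMO_TARGET[] = "read l; [ ${#l} -lt 24 ] || kill -s SEGV $$";

/* Feed `len` filler bytes plus a newline to cmd's stdin.
 * Returns the fatal signal number, 0 for a normal exit, -1 on harness error. */
int feed_input(const char *cmd, size_t len)
{
    signal(SIGPIPE, SIG_IGN);     /* target may exit before reading everything */
    char *buf = malloc(len + 1);
    if (!buf) return -1;
    memset(buf, 'A', len);
    buf[len] = '\n';

    FILE *fp = popen(cmd, "w");
    if (!fp) { free(buf); return -1; }
    fwrite(buf, 1, len + 1, fp);  /* short write is fine: pclose has the outcome */
    free(buf);

    int status = pclose(fp);
    if (status == -1) return -1;
    if (WIFSIGNALED(status)) return WTERMSIG(status);
    /* popen runs "sh -c cmd"; if the shell forked the target, a signal death
     * shows up as exit status 128 + signal number instead. */
    if (WIFEXITED(status) && WEXITSTATUS(status) > 128)
        return WEXITSTATUS(status) - 128;
    return 0;
}

/* Smallest tested length in [start, max] that kills the target, or -1. */
long find_crash_length(const char *cmd, size_t start, size_t step, size_t max)
{
    for (size_t len = start; len <= max; len += step)
        if (feed_input(cmd, len) > 0)
            return (long)len;
    return -1;
}

int main(void)
{
    printf("first crashing length: %ld\n", find_crash_length(DEMO_TARGET, 8, 8, 64));
    return 0;
}
```

For the real program, pass "exec ./vulnerable" as cmd so the shell is replaced by the target and pclose reports the signal directly.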