How to type ASCII code "00" and "01" in linux bash?

Question

I have program which looks like this:

/* buf_overflow.c */
#include <stdio.h>
int main(){
    char buf[4];
    char exploit_buf[4];
    fgets(buf, 4, stdin);
    gets(exploit_buf);
    printf("exploit_buf: %s\n", exploit_buf);
    return 0;
}

I'm going to use the vulnerability of "gets" function to buffer-overflow some other variables. The value that I want to write to "exploit_buf" is "AAAAAAAA\x01\x00\x00\x00", but i don't know how to send ASCII codes "01" and "00" into exploit_buf.

I know that using this command "printf "AAAAAAAA\x01\x00\x00\x00"" can type the characters that I want, but I don't know how to send them into exploit_buf. I also know that Alt+(number keys on the right of the keyboard) can generate characters from the ASCII code I typed, but this doesn't work in my program either.

The main problem is "how can I skip the first function "fgets()" and type arbitrary ASCII code in "gets()"".

Anyone knows how to type arbitrary ASCII code in the command line of linux?

Answer 1

You can use echo -e:

$ echo -ne 'AAAAAAAA\x01\x00\x00\x00' | python -c 'import sys; print repr(sys.stdin.read())'
'AAAAAAAA\x01\x00\x00\x00'

-e allows echo to interpret escape codes, and -n suppresses the trailing newline.

Note that the Python program prints out the string representation of what it received, which is exactly what we sent in using echo.

For more complex exploit strings, it's not uncommon to simply use Perl or Python to build the exploit string directly:

$ perl -e 'print "A" x 1024 . "\0\0\0\1"' | ./buf_overflow