This is related to a stack smash attack.
Basically, I am trying to smash the stack by giving a program a particular input. The program takes in a user input like this, using getchar:
    for (i = 0; (c = getchar()) != '\n'; i++) buf[i] = c;
I want to overwrite memory to become 0x000000a1. Unfortunately, 0xa1 is not an ASCII character, so I cannot just input something like ¡ (inverted exclamation) because that ends up giving 0x0000a1c2 in memory. How can I overwrite the value to be just 0x000000a1 without changing how the user input is processed in the program?
You can use bash to inject arbitrary characters:
echo -e '\xA1' | /path/to/program
You can add additional input, put the echo in a loop, etc.
echo -e 'Something\xA1\xA1\xA1' | /path/to/program
Your system's information is not provided, but usually the standard input is just a byte stream. This means that you can send an arbitrary byte stream, not just valid characters.
For example, if your victim program is ./a.out, you can create a program to emit a payload:
    #include <stdio.h>
    int main(void) {
        putchar(0xa1);
        putchar('\n'); /* to have the victim finish reading input */
        return 0;
    }
and compile it to, for example, ./b.out and execute it using a pipe:
    $ ./b.out | ./a.out
($ is your terminal's prompt)
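As an added example (not code from the question or either answer): the question's getchar loop rewritten with the EOF and bounds checks it lacks, fed from an in-memory byte source so that the raw 0xA1 input, the two-byte UTF-8 ¡ case and an over-long line can be checked without a terminal. The 16-byte buffer, the little-endian (x86) word layout implied by 0x0000a1c2, and all function names are assumptions.

```c
#include <stdio.h>
#include <stdint.h>
/* Byte source: getchar() for a real run, an in-memory buffer for the tests;
 * returns the next byte (0..255) or EOF. */
typedef int (*byte_source)(void *ctx);
static int stdin_source(void *ctx) { (void)ctx; return getchar(); }
struct mem_src { const unsigned char *p; size_t n, pos; };
static int mem_source(void *ctx) {
    struct mem_src *m = ctx;
    return m->pos < m->n ? m->p[m->pos++] : EOF;
}
/* The question's loop plus the two checks it lacks (EOF and a bound). Bytes are
 * stored unchanged, so 0xA1 on stdin lands as 0xA1 in buf. Returns bytes stored,
 * or -1 when EOF comes before '\n' or the line would not fit in cap bytes. */
static int read_line_bounded(byte_source get, void *ctx, unsigned char *buf, size_t cap) {
    size_t i = 0;
    int c;
    while ((c = get(ctx)) != '\n') {
        if (c == EOF || i >= cap) return -1;
        buf[i++] = (unsigned char)c;
    }
    return (int)i;
}
/* Little-endian word (x86 stack order) formed from up to 4 bytes of b. */
static uint32_t word_le(const unsigned char *b, size_t len) {
    uint32_t v = 0;
    for (size_t k = 0; k < 4 && k < len; k++) v |= (uint32_t)b[k] << (8 * k);
    return v;
}
/* Test helpers: feed a constructed input through a 16-byte buffer and report
 * the stored length, or the word that starts at offset off. */
static int input_len(const char *bytes, size_t n) {
    unsigned char buf[16];
    struct mem_src m = { (const unsigned char *)bytes, n, 0 };
    return read_line_bounded(mem_source, &m, buf, sizeof buf);
}
static uint32_t input_word(const char *bytes, size_t n, size_t off) {
    unsigned char buf[16] = {0};
    struct mem_src m = { (const unsigned char *)bytes, n, 0 };
    int len = read_line_bounded(mem_source, &m, buf, sizeof buf);
    return (len > 0 && off < (size_t)len) ? word_le(buf + off, (size_t)len - off) : 0;
}
/* Real run, e.g. echo -e 'Something\xA1\xA1\xA1' | ./hardened */
int main(void) {
    unsigned char buf[16];
    int len = read_line_bounded(stdin_source, NULL, buf, sizeof buf);
    if (len < 0) { fputs("rejected: EOF or no newline within 16 bytes\n", stderr); return 1; }
    printf("%d bytes read, first word 0x%08x\n", len, word_le(buf, (size_t)len));
    return 0;
}
```

With the bound in place the 17-byte line is refused instead of being written past the end of buf, while the single raw byte still arrives as 0x000000a1 and the UTF-8 ¡ still shows up as 0x0000a1c2.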