当前位置：文江博客话题详情

security c penetration-testing stack-smash

如何从命令行提供标准输入输入？

发布于 2024-11-26 18:15:19 字数 484 浏览 1 评论 0原文

我正在尝试对班级作业的程序执行缓冲区溢出攻击。攻击程序和漏洞程序都是我写的。

易受攻击的代码使用 scanf 从 stdin 读取数据。

<代码>./易受攻击< male_payload_file.txt 工作正常。更多恶意有效负载 | ./vulnerable 和 echo JUNK_JUNK_JUNK_JUNK | ./vulnerable 也按预期工作。

但是，我想使用攻击程序继续提供越来越长的有效负载，直到程序崩溃。因此，我需要动态生成更大的垃圾有效负载。我正在使用 system ("./vulnerable"); 来重复调用并测试异常退出。

我如何指定这样的有效负载？

有没有办法运行 ./vulnerable < male_payload_binary 或以某种方式使我不必将恶意有效负载放入文件中，但可以在命令行中指定它？

原文

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

情魔剑神 2024-12-03 18:15:19

这个怎么样？

echo "your payload goes here" | ./vulnerable

您可以将 echo 命令替换为任何能够生成您想要的 ./vulnerable 输入的命令。一个这样的例子是持续不断的垃圾流作为输入，您可以这样做：

cat /dev/urandom | ./vulnerable

How about this?

echo "your payload goes here" | ./vulnerable

You can replace the echo command with any command that generates the input to ./vulnerable you want. One such example is a constant flow of junk as input, you can do this:

cat /dev/urandom | ./vulnerable

回复收藏 0 原文

孤城病女 2024-12-03 18:15:19

您可以尝试使用 popen 而不是 system，而不是尝试使用命令行：

FILE *fp = popen("./vulnerable", "w");
// write stuff to fp -- it goes to vulnerable's stdin
int exitcode = pclose(fp);

从 pclose 获得的退出代码与如果您使用另一个进程来创建数据并通过 shell 将其通过管道传输到 ./vulnerable，您将从 system 获得数据

Rather than trying to use the command line, you might try using popen instead of system:

FILE *fp = popen("./vulnerable", "w");
// write stuff to fp -- it goes to vulnerable's stdin
int exitcode = pclose(fp);

The exitcode you get from pclose is the same as what you would have got from system, had you used another process to create the data and piped it via the shell to ./vulnerable

回复收藏 0 原文

两个我 2024-12-03 18:15:19

尝试管道而不是重定向：

./malicious_payload_binary | ./vulnerable

Try piping instead of redirecting:

./malicious_payload_binary | ./vulnerable

回复收藏 0 原文

澜川若宁 2024-12-03 18:15:19

编辑：我想我终于明白你的问题了（也许），你想阅读命令行参数吗？如果

#include <stdio.h>

int main(int argc, char *argv[])
{
    printf("the name of this program is %s\n", argv[0]);
    printf("%d command line arguments were provided\n", argc);
    printf("the input file is %s\n", argv[1]);
    // could do something like: fopen(argv[1]) here
    return 0;
}

将其编译为名为 stdintest 的二进制文件并像这样运行它：

./stdintest somefile.txt

它将输出：

the name of this program is ./stdintest
2 command line arguments were provided
the input file is somefile.txt

OLD:

正如 dolphy 提到的，只需写入 malicious_payload_binary 中的标准输出，从 vulnerable 中的标准输入读取，然后用管道连接它们：./malicious_payload_binary | ./易受攻击

EDIT: I think I finally understand your question (maybe), you want to read command line arguments? Something like

#include <stdio.h>

int main(int argc, char *argv[])
{
    printf("the name of this program is %s\n", argv[0]);
    printf("%d command line arguments were provided\n", argc);
    printf("the input file is %s\n", argv[1]);
    // could do something like: fopen(argv[1]) here
    return 0;
}

If you compile it to a binary named stdintest and run it like so:

./stdintest somefile.txt

it will output:

the name of this program is ./stdintest
2 command line arguments were provided
the input file is somefile.txt

OLD:

As dolphy mentioned, just write to stdout in malicious_payload_binary, read from stdin in vulnerable, and connect them with a pipe: ./malicious_payload_binary | ./vulnerable

回复收藏 0 原文

~没有更多了~