0

Firstly, I sorry about unlearly question, because of my bad english, I can not discrible it clearly. I also do not know what is it? whall is it called.

My problem below:

I write a program by C language:

#include <stdio.h>
#include <stdlib.h>

int main()  {
    char buf[2],buf1[10];

    fgets(buf,2,stdin);
    fgets(buf1,10,stdin);

    puts(buf);
    puts(buf1);

    printf("Opening Shell...\n");

    system("/bin/dash");

    printf("\nEND\n");
    return 0;
}

My purpose is passing parameter to overflow buffer variables and inserting a command after /bin/dash to read some file that I do not own,.etc... I tried: pipe : 

python2.7 -c 'print "a"*12 + "\n" + " -c \"cat tes.c > show\""' |  /myprogram

My program run normally, but shellcode -c "cat tes.c > show" maybe do not be used.

I set all file and permission 7777.

So, How can I insert shellcode after /bin/dash?

Thank for reading! Sorry for my bad english.

Improve this question

1 Answer 1

Reset to default
0

You need to override \0 at the end of "/bin/dash" and insert your code ending it with \0, since \0 marks the end of a string.

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

If you want to you can also override "/bin/dash" depending on your needs. What's important that you insert your payload before the null character \0.
what about \n and \x00, is it the same?
\n is a new line character. If you're in a text editor and hit enter a \n will be inserted. \0 and \x00 are equal. The second one is hexadecimal denoted by the 'x'.
Thank, but It don't work :(. I have tried both \0 and \x00, however the program maybe jump over system(/bin/dash) function :(.
Most likely your command in system is just wrong and therefore not executed.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.