How to type ASCII code "00" and "01" in linux bash?
Solution 1
You can use echo -e
:
$ echo -ne 'AAAAAAAA\x01\x00\x00\x00' | python -c 'import sys; print repr(sys.stdin.read())'
'AAAAAAAA\x01\x00\x00\x00'
-e
allows echo
to interpret escape codes, and -n
suppresses the trailing newline.
Note that the Python program prints out the string representation of what it received, which is exactly what we sent in using echo
.
For more complex exploit strings, it's not uncommon to simply use Perl or Python to build the exploit string directly:
$ perl -e 'print "A" x 1024 . "\0\0\0\1"' | ./buf_overflow
Solution 2
Type the following command in terminal.
echo $'\000\001' > file1
This will save the values of ASCII Character 1 and ASCII Character 2 into a file named file1. Now you can read this in to your buffer exploit_buf.
Brian
Welcome to visit my blog. If you find my questions or answers useful, you can support me by registering honeygain with my referral link.
Updated on July 16, 2022Comments
-
Brian almost 2 years
I have program which looks like this:
/* buf_overflow.c */ #include <stdio.h> int main(){ char buf[4]; char exploit_buf[4]; fgets(buf, 4, stdin); gets(exploit_buf); printf("exploit_buf: %s\n", exploit_buf); return 0; }
I'm going to use the vulnerability of "gets" function to buffer-overflow some other variables. The value that I want to write to "exploit_buf" is "AAAAAAAA\x01\x00\x00\x00", but i don't know how to send ASCII codes "01" and "00" into exploit_buf.
I know that using this command "printf "AAAAAAAA\x01\x00\x00\x00"" can type the characters that I want, but I don't know how to send them into exploit_buf. I also know that Alt+(number keys on the right of the keyboard) can generate characters from the ASCII code I typed, but this doesn't work in my program either.
The main problem is "how can I skip the first function "fgets()" and type arbitrary ASCII code in "gets()"".
Anyone knows how to type arbitrary ASCII code in the command line of linux?
-
Brian about 11 yearsbut this program would fgets() first and then gets(), how can I skip the first function "fgets()"?
-
Gumbo about 11 yearsBash’s ANSI-C Quoting does also understand other escape sequences like
\xHH
. -
anthony almost 4 yearsyoucan also use the BASH built in printf.. printf 'AAAAAAAA\x01\x00\0\0'