I am learning lldb from a security perspective. I am trying to perform a buffer overflow in the sample code below.
```c
#include <stdio.h>

void return_input(void) {
    char array[30];
    gets(array);            /* unbounded read: this is the overflow target */
    printf("%s\n", array);
}

int main(void) {
    return_input();
    return 0;
}
```
The `gets` function is the target here.
While inside the lldb console, I need to key in the long string that will override the return address. If I try a string like:

```
(lldb) AAAAAAA\x01\x02
```
They are being treated as individual characters and not hex values.
How do I pass in hex values as input while inside LLDB session? Basically, I am trying to overwrite the memory.
There are other answers where we pass the string as an argument, but I want to key in the data myself while inside the session.
In the picture below you can see that the hex values are actually converted into strings.
Thanks.
CodePudding user response:
You are trying to enter arbitrary bytes via `gets()` into your variable `array` and beyond. This is not straightforward and partially impossible, as the standard input stream and `gets()` commonly do not take all codes and filter some codes.
For example, if you want the byte 0x0D (or 0x0A, depending on your terminal) in your input, you could try to type Enter. But this key will get filtered by `gets()`, as it thinks you have finished your input.
You can type many codes, by combinations of Ctrl and A to Z or umlauts or accented characters. But it is difficult to get exactly the sequence of codes you want.
You can try this: prepare a sequence of characters that resemble your hex bytes in a text editor. Copy them into the console when `gets()` expects your input.
To see which character produces what code, consider writing a little experimental program that calls `gets()` and prints the received codes:
```c
#include <stdio.h>

int main(void) {
    char line[30] = {0};      /* zeroed so slots that received nothing print as 0 */
    gets(line);               /* deliberately unbounded, as in the question */
    for (int i = 0; i < sizeof line; i++) {
        /* cast to unsigned char so bytes >= 0x80 are not sign-extended (FFFFFF80) */
        printf("%d: %X\n", i, (unsigned char)line[i]);
    }
    return 0;
}
```
Note: Please adopt a code style and stick to it. Your source is not indented at all.
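As an added example (not code from the question or this answer), here is a bounded counterpart to the probe above: it reads one line into a fixed-size buffer through an in-memory stream that stands in for the terminal (constructed input; `fmemopen` is POSIX) and renders the bytes that actually landed in the buffer as hex, so you can see that Enter arrives as 0x0A and ends the line, and that excess input is cut off instead of overflowing. The helper names `read_line_bounded`, `hex_dump` and `read_sample` are my own.

```c
#define _POSIX_C_SOURCE 200809L   /* for fmemopen() */
#include <stdio.h>
#include <string.h>

/* Bounded line reader in the shape of fgets(): stores at most cap-1 bytes, stops after '\n'
 * (kept), always NUL-terminates. Returns bytes stored, or -1 if the stream was already empty. */
int read_line_bounded(FILE *in, unsigned char *buf, size_t cap) {
    size_t n = 0;
    int c = EOF;
    if (cap == 0) return -1;
    while (n + 1 < cap && (c = getc(in)) != EOF) {
        buf[n++] = (unsigned char)c;
        if (c == '\n') break;            /* the terminal's Enter arrives as 0x0A here */
    }
    buf[n] = '\0';
    return (n == 0 && c == EOF) ? -1 : (int)n;
}
/* Render n bytes as "41 42 01 02 0A" into out; returns characters written (excluding NUL). */
size_t hex_dump(const unsigned char *bytes, size_t n, char *out, size_t cap) {
    size_t used = 0;
    for (size_t i = 0; i < n; i++) {
        int w = snprintf(out + used, cap - used, i ? " %02X" : "%02X", bytes[i]);
        if (w < 0 || (size_t)w >= cap - used) break;   /* out of room: stop, stay terminated */
        used += (size_t)w;
    }
    return used;
}
/* Push `len` bytes of constructed input through a `cap`-byte buffer, as if they had been
 * pasted at the prompt, and report what landed in it. Returns the byte count or -1. */
int read_sample(const unsigned char *input, size_t len, size_t cap, char *hex, size_t hexcap) {
    unsigned char buf[64];                 /* backing store; `cap` decides how much may be used */
    if (cap > sizeof buf) cap = sizeof buf;
    FILE *in = fmemopen((void *)input, len, "r");
    if (!in) return -1;
    int n = read_line_bounded(in, buf, cap);
    fclose(in);
    if (n < 0) return -1;
    hex_dump(buf, (size_t)n, hex, hexcap);
    return n;
}
int main(void) {
    /* Constructed stand-in for the asker's paste: printable bytes, 0x01 0x02, then Enter. */
    static const unsigned char sample[] = "AB\x01\x02\nCD";
    char hex[128];
    int n = read_sample(sample, sizeof sample - 1, 30, hex, sizeof hex);
    printf("%d byte(s) reached the 30-byte buffer: %s\n", n, hex);   /* 5: 41 42 01 02 0A */
    return n < 0;
}
```

Feeding eight `A`s through a 4-byte buffer yields only three bytes (`41 41 41`), which is exactly the truncation `gets()` never performs.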
CodePudding user response:
Well, hexadecimal just means how you represent something. By typing ASCII characters you are already writing hex, just not the hex you want. If you type \x01 in ASCII you have actually typed 0x5C 0x78 0x31 0x32 (courtesy of one of the first ASCII tables I found).
You should do the inverse process. If you want to type 0x01 0x2 then you must enter a SOX and STX symbol.