Home > Mobile >  Different results when running C program from Python Subprocess vs in Bash
Different results when running C program from Python Subprocess vs in Bash

Time:03-20

I've got a string/argument that I'd like to pass to a C program. It's a string format exploit.

'\xb2\x33\02\x08x%2$n'

However, there seems to be different behaviours exhibited if I call the C program from Python by doing

subprocess.Popen(["env", "-i", "./practice", '\xb2\x33\02\x08x%2$n'])

versus

./practice '\xb2\x33\02\x08x%2$n'

The difference is that the string exploit attack works as expected when calling the script via subprocess, but not when I call it through the CLI.

What might the reason be? Thanks.

CodePudding user response:

Bash manpage says:

Words of the form $'string' are treated specially. The word expands to string, with backslash-escaped characters replaced as specified by the ANSI C standard. Backslash escape sequences, if present, are decoded as follows: [snipped]
\xHH the eight-bit character whose value is the hexadecimal value HH (one or two hex digits)

Then would you please try:

./practice $'\xb2\x33\02\x08x%2$n'

Page link:https//www.codepudding.com/Mobile/341662.html

Prev:gcc inline-assembly compilation error when optimization flags is not enabled?
Next:what goes on when you define a variable in a loop in c
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding