Executing compiled C file in Linux terminal : understanding syntax (buffer overflow application)

Time:11-03

I'm trying to learn the buffer overflow functionality, and I found:

ouah@weed:~$ ./vuln1 `perl -e 'print "A"x300'`

where vuln1 is the compiled C file vuln1.c :

#include <stdio.h>
#include <string.h>   /* needed for strcpy */

int main (int argc, char *argv[])
{
   char buffer[256];
   if (argc > 1)
      strcpy(buffer,argv[1]);   /* unbounded copy: an argument longer than 255 bytes overruns buffer */
   return 0;
}

So I would like to know the meaning of that weird `perl -e 'print "A"x300'`: what are "perl -e" and "print" supposed to mean here (I know that they are supposed to be the main() arguments), and the same for "A"x300, which looks like a multiplication but without the '*' (because the goal of this command is to overflow the buffer) and at the same time like hexadecimal notation...

CodePudding user response:

Perl is a scripting language. perl with the -e switch evaluates the next argument as code directly (instead of running a script file).

print is a Perl built-in function that outputs its arguments.

x is the repetition operator in Perl. "A" x 3 yields "AAA".

The final piece of the puzzle is that backticks (` `) in bash will execute their contents as a command and yield whatever that command printed to stdout.

So, this is a quick and easy way to generate 300 A's as the argument to ./vuln1, which will overflow the 256-byte buffer when the argument is read.

Replace ./vuln1 with plain echo to see what argument gets eventually passed.
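As an added example (not part of the original question or answer), here is a bounds-checked variant of vuln1.c: it refuses an argument that would not fit in the 256-byte buffer instead of copying it, and a helper accepts_repeated() (a name chosen here) builds the same kind of repeated-character input that the perl one-liner produces, so the check can be exercised without the shell.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 256

/* Bounded copy: refuses any source that does not fit in dst,
   NUL terminator included. Returns 0 on success, -1 if src is too long. */
static int safe_copy(char *dst, size_t dst_size, const char *src)
{
    size_t len = strlen(src);
    if (len >= dst_size)
        return -1;
    memcpy(dst, src, len + 1);
    return 0;
}

/* Builds n copies of c (what perl's "A"x300 produces) and tries to copy it
   into a BUF_SIZE-byte buffer. Returns 1 if accepted, 0 if rejected. */
int accepts_repeated(char c, size_t n)
{
    char input[1024];            /* constructed input, not argv */
    char buffer[BUF_SIZE];
    if (n >= sizeof input)
        return 0;
    memset(input, c, n);
    input[n] = '\0';
    return safe_copy(buffer, sizeof buffer, input) == 0;
}

/* Same shape as the original vuln1 main(), with the copy bounded. */
int main(int argc, char *argv[])
{
    char buffer[BUF_SIZE];
    if (argc > 1) {
        if (safe_copy(buffer, sizeof buffer, argv[1]) != 0) {
            fprintf(stderr, "argument too long (%zu bytes, max %d)\n",
                    strlen(argv[1]), BUF_SIZE - 1);
            return 1;
        }
        printf("copied %zu bytes\n", strlen(buffer));
    }
    return 0;
}
```

Run with the same `./vuln1 `perl -e 'print "A"x300'`` invocation and it exits with an error instead of overrunning the stack buffer.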
