7

Is there a way one can issue non-ASCII hex characters to a scanf that uses %s? I'm trying to insert hexadecimal chars like \x08\xDE\xAD and so on (to demonstrate buffer overflow).

The input is not to a command line parameter, but to a scanf inside the program.

asudhak
  • Then why not `fprintf("\0xDE")` to the standard input of your program? –  Feb 27 '13 at 22:44
  • 2
    If you can type those characters on your keyboard, that should work. Otherwise, a redirect, `./a.out < file_with_shellcode`? – Daniel Fischer Feb 27 '13 at 22:44
  • My first edit didn't go through. What you're saying will work if the input was a command line argument. This however is not a command line argument. And the characters I want to print are not printable. – asudhak Feb 28 '13 at 00:14
  • What do you mean by "hexadecimal characters"? If by `\x08` you mean the ASCII backspace character, hexadecimal is just a human-readable way to represent it; the character itself is just a (non-printable) character. And how does reading non-printable characters with `scanf` demonstrate buffer overflow? A long sequence of printable characters would do the same thing. – Keith Thompson Feb 28 '13 at 01:30

2 Answers

2

I assume you want to feed arbitrary data on stdin (since you read with scanf).

You can use the shell to create the data and pipe it into your program, e.g.

    printf '\x08\xDE\xAD' | yourprogram

Note that this will only work as long as there are no white-space characters to be fed (because scanf with a %s format stops at white-space).

Jens
  • If you're on Windows and don't have the `printf` command, make a file and redirect `stdin` to it: `yourprogram < deadfile` – anatolyg Oct 21 '15 at 10:13
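
Added example (not part of the original answers): a small C program showing what `%s` does with raw bytes such as `\x08\xDE\xAD`. Non-printable bytes are stored as-is, any whitespace byte ends the token, and a field width bounds the write. `read_token`, the 15-byte budget and the sample inputs are assumptions constructed for illustration; `sscanf` on a string stands in for `scanf` on stdin.

```c
#include <stdio.h>
#include <string.h>

#define TOKEN_MAX 15   /* assumed buffer budget; must match the width in "%15s" */

/* Parse one token from `input` the way scanf("%s") parses stdin: skip leading
 * whitespace, then copy bytes until the next whitespace byte or the width limit.
 * Returns the number of bytes stored, or -1 if no token was found. */
int read_token(const char *input, unsigned char out[TOKEN_MAX + 1])
{
    memset(out, 0, TOKEN_MAX + 1);
    if (sscanf(input, "%15s", (char *)out) != 1)
        return -1;
    return (int)strlen((char *)out);
}

/* Print the stored token as hex so non-printable bytes are visible. */
static void show(const char *label, const char *input)
{
    unsigned char out[TOKEN_MAX + 1];
    int n = read_token(input, out);
    printf("%-28s -> %2d byte(s):", label, n);
    for (int i = 0; i < n; i++)
        printf(" %02X", out[i]);
    putchar('\n');
}

int main(void)
{
    /* Constructed sample inputs. */
    show("non-printable bytes", "\x08\xDE\xAD");
    show("space (0x20) in the middle", "\xDE\x20\xAD");
    show("vertical tab (0x0B)", "\xDE\x0B\xAD");
    show("leading whitespace skipped", " \n\x08");
    show("40 x 'A', width-limited", "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
    return 0;
}
```

With a plain `%s` and no width, the 40-byte input would be copied in full regardless of the size of the destination buffer.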
1

When you say 'to a `scanf()`', presumably there is other data than just this to be supplied. Would it work to have a program, perhaps a Perl or Python script, generate the data and write the non-ASCII characters to the standard input of your program? If you need standard input to appear like a terminal, then you should investigate `expect`, which handles that for you. This is a common way of dealing with the problem.

Jonathan Leffler