I am trying to perform a buffer overflow attack on a program for a class assignment. Both the attack program as well as the vulnerable programme are written by me.
The vulnerable code uses scanf to read data from stdin.
./vulnerable < malicious_payload_file.txt
works fine.
more malicious_payload | ./vulnerable
and echo JUNK_JUNK_JUNK_JUNK | ./vulnerable
also works as expected.
However, I would like to use the attack programme to keep supplying incrementally longer payloads till the programme crashes. So, I need to dynamically generate larger payloads of junk. I am using system ("./vulnerable"); to repeatedly call and test for an abnormal exit.
How do I specify such a payload?
Is there a way to run ./vulnerable < malicious_payload_binary
or in some manner such that I do not have to put the malicious payload in a file, but can specify it in the command line?
How about this?
echo "your payload goes here" | ./vulnerable
You can replace the echo command with any command that generates the input to ./vulnerable you want. One such example is a constant flow of junk as input; you can do this:
cat /dev/urandom | ./vulnerable
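
The same pipe can be opened from inside a C test harness with popen(), so no payload file is needed and the exit status can be checked after every run. This is an added example, not code from the question or the answer; the names crashes_with and find_crash_length are hypothetical, the payload is plain filler bytes, and ./vulnerable stands for the asker's own program.

```c
#define _POSIX_C_SOURCE 200809L   /* popen, pclose */
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>

/* Feed `len` filler bytes plus a newline to `cmd` on its stdin.
 * Returns 1 if the target ended abnormally, 0 if it exited normally,
 * -1 if the harness itself failed. */
static int crashes_with(const char *cmd, size_t len)
{
    char *payload = malloc(len + 1);
    if (!payload) return -1;
    memset(payload, 'A', len);
    payload[len] = '\n';              /* ends the token scanf("%s") reads */

    FILE *p = popen(cmd, "w");        /* write end of a pipe to the target's stdin */
    if (!p) { free(payload); return -1; }
    size_t sent = fwrite(payload, 1, len + 1, p); (void)sent; /* short write is OK */
    free(payload);

    int status = pclose(p);           /* wait status of `sh -c cmd` */
    if (status == -1) return -1;
    /* Heuristic: a shell that did not exec the target reports signal N as 128+N. */
    if (WIFSIGNALED(status)) return 1;
    return WIFEXITED(status) && WEXITSTATUS(status) > 128;
}

/* Smallest length in [1, max_len] that makes `cmd` end abnormally, or 0 if none. */
size_t find_crash_length(const char *cmd, size_t max_len)
{
    signal(SIGPIPE, SIG_IGN);         /* target may exit before reading everything */
    for (size_t len = 1; len <= max_len; len++)
        if (crashes_with(cmd, len) == 1)
            return len;
    return 0;
}

int main(void)
{
    size_t n = find_crash_length("./vulnerable", 4096);
    if (n) printf("first abnormal exit at %zu bytes\n", n);
    else   puts("no abnormal exit up to 4096 bytes");
    return 0;
}
```

system() alone cannot do this because it gives the caller no handle on the child's stdin; popen() in "w" mode does, and pclose() returns the same wait status system() would.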