2

I am trying to compile this using the terminal on Ubuntu 12.04 (Precise Pangolin):

#include <stdio.h>
#include <stdlib.h>

main()
{
    /* Declare argument array */
    char *args[2];

    args[0] = “/bin/bash”;
    args[1] = NULL;

    execve(args[0], args, NULL);

    exit(0);
}

I found this example on Buffer Overflow Primer Part 4 (Disassembling Execve) which also happened to be the one Aleph One used in 'Smashing the Stack for Fun and Profit'. I am aware that much has changed since then. In more simple examples I have used:

gcc -ggdb -mpreferred-stack-boundary=2 -fno-stack-protector filename filename.c

Other times I may include the static utility. It has worked up until I have tried to compile the C code above. The message I receive from the terminal is:

gcc -static -mpreferred-stack-boundary=2 -fno-stack-protector -o shell shell.c

Output:

shell.c: In function ‘main’:
shell.c:9:2: error: stray ‘\342’ in program
shell.c:9:2: error: stray ‘\200’ in program
shell.c:9:2: error: stray ‘\234’ in program
shell.c:9:15: error: expected expression before ‘/’ token
shell.c:9:15: error: stray ‘\342’ in program
shell.c:9:15: error: stray ‘\200’ in program
shell.c:9:15: error: stray ‘\235’ in program

I understand that this is a very simple example and that this error is probably caused by current standard security measures in Linux, but I would like to get around them to practise with this example and more in the future. How can I fix this problem?

Peter Mortensen
  • 30,738
  • 21
  • 105
  • 131
SunnyNewb
  • 385
  • 1
  • 3
  • 17
  • A direct analysis is 342 200 234 (octal) → 0xE2 0x80 0x9C (hexadecimal) → UTF-8 sequence for Unicode code point U+201C ([LEFT DOUBLE QUOTATION MARK](https://www.charset.org/utf-8/9)). And 342 200 235 (octal) → 0xE2 0x80 0x9D (hexadecimal) → UTF-8 sequence for Unicode code point U+201D ([RIGHT DOUBLE QUOTATION MARK](https://www.charset.org/utf-8/9)). They can be searched (and replaced) by regular expression `\x{201C}|\x{201D}` (in [Visual Studio Code](https://en.wikipedia.org/wiki/Visual_Studio_Code) and some others, the notation is `\u201C|\u201D`). – Peter Mortensen Apr 27 '23 at 17:03
  • This is a ***very*** common error when copying code from web pages, [PDF](https://en.wikipedia.org/wiki/Portable_Document_Format) documents, through chat (e.g. [Skype Chat](https://en.wikipedia.org/wiki/Features_of_Skype#Skype_chat) or [Facebook Messenger](https://en.wikipedia.org/wiki/Facebook_Messenger)), etc. The canonical question is *[Compilation error: stray ‘\302’ in program, etc.](https://stackoverflow.com/questions/19198332)*. – Peter Mortensen Apr 27 '23 at 17:04
  • And in this case, it was revealed which web page it was copied from, so it should be possible to reproduce this kind of error (if the rendering of the web page wasn't changed in the meantime; that happened for some of the [QMK](https://docs.qmk.fm/#/faq_general?id=what-is-qmk) pages (with sample code), for example [this page](https://docs.qmk.fm/#/feature_macros). Ask me how I know...). – Peter Mortensen Apr 27 '23 at 17:36

2 Answers2

4

You have "smart" quotes around your string literal,

“/bin/bash”;

Try using ordinary quotes ".

Peter Mortensen
  • 30,738
  • 21
  • 105
  • 131
Daniel Fischer
  • 181,706
  • 17
  • 308
  • 431
2

I think that this has nothing to do with security and instead is the following line:

args[0] = “/bin/bash”;

The quote characters you're using to delimit the string are not the standard ASCII quote character; instead, they're pretty Unicode characters for quotes.

Try rewriting this as 

args[0] = "/bin/bash";

by replacing the quote characters with fresh double-quotes.

As an aside - it's provably impossible for the compiler to detect all programs that might launch a shellcode. I would be shocked if any standard compiler would do anything at all to stop programs from compiling due to security holes.

Hope this helps!

templatetypedef
  • 362,284
  • 104
  • 897
  • 1,065
  • Yes it worked!! - I now get this: To run a command as administrator (user "root"), use "sudo ". See "man sudo_root" for details. ss@ss-laptop:/home/ss$ Is that what I should see? – SunnyNewb Jul 04 '12 at 19:32