I am trying to create a script that automatically performs a buffer overflow attack for a given vulnerable script (vuln.c) on my local machine. I am modelling my scripts off of this tutorial (https://0x10f8.wordpress.com/2019/05/18/simple-buffer-overflows/). The tutorial uses SSH/another computer. I simply want to do this on my local machine.
My script
import subprocess
from subprocess import Popen, PIPE
from pwn import *

# Number of characters required to crash, must specify in hex
crash_at = 0x28

# Start debugging the vulnerable binary
gdbProcess = subprocess.Popen(["gdb", "vuln"], stdin=PIPE, stdout=PIPE, stderr=PIPE)

# Encode instruction as bytes
stdout, stderr = gdbProcess.communicate(input=b'run\n')
print(stdout)

# Send a cyclic string of known characters aaaa baaa caaa etc.
stdout, stderr = gdbProcess.communicate(cyclic(crash_at))
print(stdout)

# Hand an interactive shell back to the user
# bash.interactive()
print("Done")
When I run this script, I get this error:
ValueError: Cannot send input after starting communication
After googling, I found this question: Multiple inputs and outputs in python subprocess communicate, which seems (at least to me) to say that multiple inputs are not possible.
Is it possible to pipe multiple commands/input to the gdb process and then return that process/terminal to the user to use? Am I using the wrong library? I attempted this with paramiko, but due to zsh shell shenanigans it won't work.
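The following is an added example, not code from the question or the linked tutorial. It reproduces the ValueError the question hits (Popen.communicate() writes its input, closes stdin and waits for the child to exit, so a second call with input is refused) and shows the alternative: write to proc.stdin directly and keep the pipe open between commands. The child is a constructed stand-in for gdb (a small Python REPL that echoes each line back); the assumption is that any line-oriented interactive program can be driven the same way.

```python
import subprocess
import sys

# Constructed stand-in for gdb: reads stdin line by line and echoes each line with a
# prefix. Replace CHILD_ARGV with ["gdb", "vuln"] to drive a real debugger session.
CHILD_SRC = r'''
import sys
for line in sys.stdin:
    sys.stdout.write("got: " + line)
    sys.stdout.flush()
'''
CHILD_ARGV = [sys.executable, "-u", "-c", CHILD_SRC]


def communicate_twice_raises():
    """Demonstrate the failure mode from the question.

    The first communicate() call closes stdin and records that communication has
    started; CPython then raises ValueError on any later call that carries input.
    """
    proc = subprocess.Popen(CHILD_ARGV, stdin=subprocess.PIPE,
                            stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True)
    proc.communicate(input="first\n")
    try:
        proc.communicate(input="second\n")
    except ValueError:
        return True
    return False


def run_commands(commands, child_argv=None):
    """Send several commands to one long-lived child, reading a reply after each.

    Writing to proc.stdin (and flushing) keeps the pipe open, so the child stays
    alive between commands. Only when every command has been sent do we close stdin
    via communicate(), which lets the child see EOF and exit cleanly.
    Returns (list of reply lines, child exit status).
    """
    if child_argv is None:
        child_argv = CHILD_ARGV
    proc = subprocess.Popen(child_argv, stdin=subprocess.PIPE, stdout=subprocess.PIPE,
                            stderr=subprocess.STDOUT, text=True, bufsize=1)
    replies = []
    for cmd in commands:
        proc.stdin.write(cmd + "\n")
        proc.stdin.flush()
        # The echo child answers exactly one line per command; a real debugger does
        # not, so with gdb you would read until its prompt instead of one readline().
        replies.append(proc.stdout.readline().rstrip("\n"))
    proc.communicate()  # closes stdin, drains remaining output, waits for exit
    return replies, proc.returncode


if __name__ == "__main__":
    print("second communicate() raises ValueError:", communicate_twice_raises())
    out, rc = run_commands(["run", "bt"])
    print(out, rc)
```

Two caveats matter once the child is really gdb. First, gdb's output is not one line per command, so instead of a single readline() you read until the "(gdb) " prompt reappears (or run gdb with --batch and -ex options if no interactive handoff is needed). Second, "handing the terminal back to the user" cannot be done by simply stopping the writes: the child's stdin and stdout are pipes, not the terminal, so the user would have nothing to type into. pwntools solves exactly this with process(...) / gdb.debug(...) plus sendline() for the scripted part and interactive() for the handoff, which relays the user's terminal to the piped child; that is the library the question's commented-out bash.interactive() line was reaching for.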