问题
I am trying to compile this using the terminal on ubuntu 12:
#include <stdio.h>
#include <stdlib.h>
main()
{
/*declare argument array*/
char *args[2];
args[0] = “/bin/bash”;
args[1] = NULL;
execve(args[0], args, NULL);
exit(0);
}
I found this example on http://www.securitytube.net/video/235 which also happened to be the one Aleph One used in 'Smashing the Stack for Fun and Profit'. I am aware that much has changed since then. In more simple examples I have used:
gcc -ggdb -mpreferred-stack-boundary=2 -fno-stack-protector filename filename.c
Other times I may include the static utility. It has worked up until I have tried to compile the C code above. The message I receive from the terminal is:
ss@ss-laptop:~$ gcc -static -mpreferred-stack-boundary=2 -fno-stack-protector -o shell shell.c
shell.c: In function ‘main’:
shell.c:9:2: error: stray ‘\342’ in program
shell.c:9:2: error: stray ‘\200’ in program
shell.c:9:2: error: stray ‘\234’ in program
shell.c:9:15: error: expected expression before ‘/’ token
shell.c:9:15: error: stray ‘\342’ in program
shell.c:9:15: error: stray ‘\200’ in program
shell.c:9:15: error: stray ‘\235’ in program
ss@ss-laptop:~$
I understand that this is a very simple example and that this error is probably caused by current standard security measures in linux but I would like to get around them to practise with this example and more in the future. If anyone can help, it would be 'smashing'.
cheers
回答1:
You have "smart" quotes around your string literal,
“/bin/bash”;
try using ordinary quotes ".
回答2:
I think that this has nothing to do with security and instead is the following line:
args[0] = “/bin/bash”;
The quote characters you're using to delimit the string are not the standard ASCII quote character; instead, they're pretty Unicode characters for quotes.
Try rewriting this as
args[0] = "/bin/bash";
by replacing the quote characters with fresh double-quotes.
As an aside - it's provably impossible for the compiler to detect all programs that might launch a shellcode. I would be shocked if any standard compiler would do anything at all to stop programs from compiling due to security holes.
Hope this helps!
回答3:
Thanks for the rapid responses everyone. I have learned a few things:
1) Copy and paste is stupid
2) Dont copy and paste
3) check my quotation marks anyway
The answer was the quotation marks. I deleted and typed them again. *Sigh.
Cheers
I'm a newb - I'm the first one to admit it.
来源:https://stackoverflow.com/questions/11334454/how-do-i-make-this-simple-shellcode-c-program-compile-from-terminal