问题
I am trying to exploit a buffer overflow in a challenge, the buffer gets it's value from an environment variable. In GDB I know that you can set environment variables using the command:
set environment username = test
However I need to pass the username variable special characters, so I need to do something like:
set environment username= $(echo -e '\xff\x4c......')
But that command doesn't get executed and the username variable contains literally what I wrote down, does anybody know a trick to pass special characters to an environment variable?
回答1:
Well, if you really need to do it from GDB, here is one example:
hello.c
#include <stdlib.h>
#include <stdio.h>
int main(int argc, char** argv) {
printf("argv[1]=%s\n", argv[1]);
printf("VAR=%s\n", getenv("VAR"));
return 0;
}
Example:
$ gcc -g -o hello hello.c
$ gdb ./hello
...
(gdb) set exec-wrapper bash -c 'exec env VAR="`echo myEnv`" "$@"' --
(gdb) r myArg
...
argv[1]=myArg
VAR=myEnv
Change VAR and echo myEnv to a variable and command you need.
But note that setting VAR from shell before starting GDB also works:
$ VAR=`echo Hey there` gdb ./hello
...
(gdb) r myArg
...
argv[1]=myArg
VAR=Hey there
回答2:
When starting gdb from shell command-line, you can specify which program to run, with which arguments (with --args), and even modify the environment of the program with the help of env!
I just did it successfully like this:
gdb --ex=run --args env LD_BIND=now LD_DEBUG=libs \
apt-get install --yes $(cat pkgs-to-install-to-crash-apt)
--ex=run is to ask gdb to run it immediately.
来源:https://stackoverflow.com/questions/34726206/set-environment-variable-in-gdb-from-output-of-command