0

I am trying to print the following data into file, but i get the following error: "/bin/sh: 1: Syntax error: Unterminated quoted string". Here is my program:

int main(void)
{
char* argv[] =  {"/bin/sh", "-c","printf '%b' '\x7f\x45\x4c\x46\x01\x00\x02\x03' > file.bin", NULL };
execve("/bin/sh", argv, NULL);

  return 1;
}

The problem is in the null byte in the middle of above text: \x7f\x45\x4c\x46\x01\x00\x02\x03" Is there any way to do this like above ?

Improve this question
1
  • FYI you are returning an error by default (return nonzero usually indicates a problem). Commented Feb 16, 2021 at 16:38

1 Answer 1

Reset to default
4

The problem with your code is that the backslashes are interpreted in the C string, while you want to pass it as argument for the sh command.

Therefore you must double escape each backslash character.

int main(void)
{
    char* argv[] =  {"/bin/sh", "-c","printf '%b' '\\x7f\\x45\\x4c\\x46\\x01\\x00\\x02\\x03' > file.bin", NULL };
    execve("/bin/sh", argv, NULL);
    return 1;
}

There's a compiler extension that allows R"(printf '%b' '\x7f\x45\x4c\x46\x01\x00\x02\x03' > file.bin)" -- see Does C support raw string literals? , but for portability don't use it.

Also, it's not possible to pass raw null byte into execve, see those questions

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.