The following is a brief introduction of terminal commands that you will likely make use of in this course. If you think of any others worth including here, please let us know on Piazza!
pwd: print working directory:
$ pwd # Print path of current dir
mkdir: create directory:
$ mkdir dir # Create directory dir
cd: change directory:
$ cd dir # Move to directory dir $ cd .. # Move to parent of current directory $ cd ../.. # Move to parent of parent of current directory
ls: list the contents of a directory:
$ ls # Print contents of current directory $ ls dir # Print contents of directory dir
rm: permanently delete:
$ rm file # Remove file $ rm -r dir # Recursively delete directory dir and its contents
cp: copying files:
$ cp srcFile dstFile # Copy srcFile over dstFile $ cp srcFile dstDir # Copy srcFile to dstDir $ cp srcDir/* dstDir # Copy contents of srcDir into dstDir
cat: print or concatenate files:
$ cat file # Print the contents of file $ cat src > dst # Copy contents of src over dst $ cat pre suf > new # Concatenate prefix and suffix into a new file
mv: move files or directories:
$ mv srcFile dstDir # Move srcFile to dstDir/srcFile $ mv srcDir dstDir # Move srcDir to dstDir/srcDir
wget: download from web:
$ wget url.com/srcFile # Download srcFile to current directory
tar -xf: extract archive:
$ tar -x src.tar.gz # Extract archive src to current directory
tar -czvf: generate archive:
$ tar -c dst.tar.gz src # Create archive dst.tar.gz containing src
Certain bytes corresponding to specific characters are handled differently by bash. These can cause issues when used as arguments, leading to frustration.
Null Bytes: b'\x00'
payload = pack('<', 0xFFFF00FF) # Payload containing byte \x00 after packing in python
$ ./target# $(python3 sol#.py) # Inputting payload into target
bash: warning: command substitution: ignored null byte in input
Bash is written in C which uses a 0 byte as a null terminator to know when a string ends. Bash originally 'stripped' bytes when parsing data by failing to read characters after a null terminator. Now, you get this warning instead.
Whitespace: b'\x0A' b'\x09' b'\x20'
payload = pack('<', 0xFFFF0AFF) # Payload containing byte \x0A after packing in python
$ ./target# $(python3 sol#.py) # Inputting payload into target
Error: need a command-line argument
payload = pack('<', 0xFFFFFF0A) # Payload containing byte \x0A after packing in python
$ gdb --args target# $(python3 sol#.py)# Inputting payload into target
(gdb) x/wx <input address>
<input address>: 0x00ffffff # Not what the payload was!
Bash specifies three characters as 'whitespace', which is spaces (\x20), new lines (\x0A), and horizontal tabs (\x09). By default bash splits these arguments on whitespace characters. If this byte appears in the middle of a string, it will be parsed as two arguments. If the byte is at the front or end of a string, the argument will be shorter than anticipated.
While there are ways of avoiding these issues, they are out of the scope for project2. If your target address contains one of these bytes, check your math!