I am currently trying to do a buffer overflow attack on a simple C program. This program takes 2 inputs via C's scanf function. The first input is secure, the second is not. So I found my shellcode, the padding and the new return address. It should spawn a simple shell. So I tried it with the following:
#!/usr/bin/env python
import subprocess
...
# OVERFLOWCODE (padding + return address + shellcode) is built in the omitted part above
# shell=True dropped: with an argument list it would hand the list to /bin/sh rather than run the program directly
p = subprocess.Popen(["/home/user/Desktop/A3/1/exploitme"], stdout=subprocess.PIPE, stdin=subprocess.PIPE, stderr=subprocess.PIPE)
p.stdin.write(b'A\n')             # first scanf input; bytes so it works on Python 3 as well as 2
p.stdin.write(OVERFLOWCODE)       # second scanf input: the overflowing payload
stdout, stderr = p.communicate()  # closes stdin and waits for the child to exit
print(stdout)
But I don't see the //bin/sh terminal. However, I think the problem is not the code I use (it should work fine); the problem seems to be that, as the command itself says, it just creates a subprocess that only the program can communicate with, and not me.
So my question is: how can I make it possible to run the program, enter two strings into the scanf's and then take control over the program? Something like spawning a new terminal and piping the two commands in there.
The problem is I can't just enter the code manually because there is something like ASLR (it creates a buffer whose size comes from srand of the Unix time in seconds), so I must recalculate the return address every second.
Any ideas to make this work?
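As an added example from the defensive side (not the asker's exploitme, whose source is not in the post): the difference between the "secure" and the "insecure" scanf read the question describes comes down to whether the read is bounded. This constructed C program shows two bounded ways to do the second read and feeds them a 200-byte token. `BUF_LEN`, the reader names and the sample input are assumptions.

```c
#define _POSIX_C_SOURCE 200809L   /* for fmemopen */
#include <stdio.h>
#include <string.h>

#define BUF_LEN 64

/* The unsafe shape of the second read (shown for comparison, never called
 * here): no field width, so a token longer than buf runs past its end. */
int read_token_unbounded(FILE *in, char *buf) {
    return fscanf(in, "%s", buf);
}

/* Safe token read: derive the field width from the buffer size so it is
 * always cap - 1 (room for the NUL). Returns fscanf's result (1 on success).
 * Bytes beyond the width stay in the stream for the next read. */
int read_token_bounded(FILE *in, char *buf, size_t cap) {
    char fmt[32];
    if (cap < 2) return 0;
    snprintf(fmt, sizeof fmt, "%%%zus", cap - 1);   /* "%63s" for cap 64 */
    return fscanf(in, fmt, buf);
}

/* Safe line read: fgets stores at most cap - 1 bytes. Strips the newline and
 * drains the rest of an over-long line so the next read starts on a fresh
 * line. Returns the stored length, or -1 at EOF. */
long read_line_bounded(FILE *in, char *buf, size_t cap) {
    if (!fgets(buf, (int)cap, in)) return -1;
    size_t n = strlen(buf);
    if (n && buf[n - 1] == '\n') {
        buf[--n] = '\0';
    } else {
        int c;
        while ((c = fgetc(in)) != EOF && c != '\n') { }
    }
    return (long)n;
}

/* Constructed input: "A\n" followed by 200 'A's and a newline, read with one
 * of the bounded readers into two 64-byte buffers. Returns the length stored
 * for the second input (63: the token was truncated, not overflowed). */
long demo_bounded_reads(int use_token_reader) {
    char input[256], buf1[BUF_LEN], buf2[BUF_LEN];
    input[0] = 'A'; input[1] = '\n';
    memset(input + 2, 'A', 200); input[202] = '\n'; input[203] = '\0';
    FILE *in = fmemopen(input, strlen(input), "r");
    if (!in) return -1;
    long n1, n2;
    if (use_token_reader) {
        n1 = read_token_bounded(in, buf1, sizeof buf1) == 1 ? (long)strlen(buf1) : -1;
        n2 = read_token_bounded(in, buf2, sizeof buf2) == 1 ? (long)strlen(buf2) : -1;
    } else {
        n1 = read_line_bounded(in, buf1, sizeof buf1);
        n2 = read_line_bounded(in, buf2, sizeof buf2);
    }
    fclose(in);
    return n1 == 1 ? n2 : -1;
}
```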