Reputation: 876
I am attempting to exploit a buffer overflow vulnerability in C code that basically boils down to this:
#include <stdio.h>

int main(void) {
char buf[100];
gets(buf); /* no length bound: input longer than 99 bytes overruns buf */
return 0;
}
Without going into detail of the assignment, I would like to overflow this buffer without having to type Unicode characters by hand, and copy/pasting has not worked out for some special characters.
What I have tried
Copying/pasting the string directly. This seems to have weird results for some characters. For example, if I paste the character '\x90' and examine the memory in gdb it shows up as '\x90\x21'.
Writing to /proc//fd/0. This kind of works, as it prints the string I want in the terminal; however, if I add a printf to the above code it doesn't print anything. I have tried using the pid of both the terminal and the running program and gotten the same result.
Using pipe(), fork(), dup(), exec(). Finally, I wrote a program which opens a pipe, duplicates the write stream to stdin, execs the program, then writes the attack to the write pipe. This actually wrote the string, and will print it. However, it doesn't write all of the bytes. If I attempt to write 500 bytes of 'A' to the vulnerable program it only prints ~120, and the program doesn't even crash.
Is there some method that I am missing? Or something I am doing wrong in the above methods?
I am using Ubuntu 12.04 in VirtualBox. Let me know if there is more information needed.
Upvotes: 0
Views: 838
Reputation: 1291
You can pipe the output of a command into your program. A simple way to send 100 'X' characters followed by a newline into your program (which I'll call ./prog):
sh -c 'for i in `seq 1 100` ; do echo -n X; done; echo ""' | ./prog
Replace the 100 above to change the number of 'X' characters before the newline.
Upvotes: 2
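As an added example (not the answer's own code), the same idea as a POSIX sh script: the generator lives in a function so the count and the byte are parameters, and a second function reports how many bytes actually arrive on the consumer's stdin, which is the check to run before blaming the program for "only printing ~120". ./prog is assumed to be the compiled program from the question; if it is not present the script feeds cat instead so it still runs.

```shell
#!/bin/sh
# Added example, not from the original post. Builds one line of COUNT
# copies of CHAR plus a newline and feeds it to a program on stdin.

# Print COUNT copies of CHAR followed by a single newline.
gen_line() {
    char=$1
    count=$2
    i=0
    while [ "$i" -lt "$count" ]; do
        printf '%s' "$char"
        i=$((i + 1))
    done
    printf '\n'
}

# How many bytes the consumer sees on stdin for CHAR x COUNT (newline included).
# Compare this with what the program reports to tell a generator problem
# from a problem inside the program.
bytes_received() {
    gen_line "$1" "$2" | wc -c | tr -d ' '
}

# Feed the generated line to ./prog (assumed: the compiled program from the
# question); fall back to cat so the script runs without it.
feed_target() {
    if [ -x ./prog ]; then
        gen_line "$1" "$2" | ./prog
    else
        gen_line "$1" "$2" | cat >/dev/null
    fi
}
```

Run `bytes_received X 500` first; if it reports 501, the generator and the pipe are fine and any shortfall is on the program's side.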