Understanding Bash STDOUT / STDERR using Hping3

Commands run at the bash prompt can write output to standard output (STDOUT) and standard error (STDERR).

If you wish to suppress some of this output, you can do so by redirecting either stream to /dev/null. Alternate notations for the two streams are:

STDOUT = 1

STDERR = 2

/dev/null refers to the null device file, which discards all data written to it (http://en.wikipedia.org/wiki/Null_device).

Taking the example of hping3, we can see the different outputs below.

The default output of hping3 is sent to both STDOUT and STDERR. The ping responses are sent to STDOUT, whereas the packet summary/statistics are sent to STDERR.

Default Output

When we redirect the output of hping3 to /dev/null, only STDOUT is discarded. The rest of the output still appears, because it is written to STDERR.

STDOUT to /dev/null

If we want to send STDERR to /dev/null, we can do so using the notation 2>. As mentioned earlier, the integer notation for STDERR is ‘2’, so ‘2>’ redirects STDERR to a non-standard location.

STDERR to /dev/null

If you don’t want any output from a command, you can simply redirect STDERR to STDOUT, which in turn is redirected to /dev/null.

Both STDERR and STDOUT to /dev/null

If, in some weird use case, you wish to push everything to STDERR, it can be done using 1>&2.

STDOUT to STDERR

Knowing how to redirect STDOUT and STDERR is very useful when scripting in bash.
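The redirections described above, collected into one script as an added example that is not part of the original post. It goes one step beyond the post by including the reversed form `2>&1 > /dev/null`, to show that the order of the two redirections matters. Assumptions: `probe` is a hypothetical stand-in for hping3 that writes constructed reply lines to STDOUT and a constructed summary to STDERR, so the script needs neither root nor a network.

```bash
#!/usr/bin/env bash
# Hypothetical stand-in for hping3: reply lines go to STDOUT (fd 1) and the
# summary goes to STDERR (fd 2). All output text is constructed sample data.
probe() {
    echo "reply seq=0"
    echo "reply seq=1"
    echo "summary: 2 sent, 2 received" >&2
}

# Apply one redirection case to probe, capture whatever still reaches the
# caller's STDOUT and STDERR in separate temp files, and report line counts.
# The body is a subshell, so the temp-file variables do not leak.
run_case() (
    out=$(mktemp) err=$(mktemp)
    case $1 in
        default)     probe ;;                    # nothing redirected
        drop_stdout) probe > /dev/null ;;        # replies discarded
        drop_stderr) probe 2> /dev/null ;;       # summary discarded
        drop_both)   probe > /dev/null 2>&1 ;;   # fd 1 to null, then fd 2 follows fd 1
        wrong_order) probe 2>&1 > /dev/null ;;   # fd 2 copies the OLD fd 1 first
        all_to_err)  probe 1>&2 ;;               # replies join the summary on fd 2
    esac > "$out" 2> "$err"
    echo "out=$(wc -l < "$out" | tr -d ' ') err=$(wc -l < "$err" | tr -d ' ')"
    rm -f "$out" "$err"
)

# Print one row per case when the script is run directly.
for c in default drop_stdout drop_stderr drop_both wrong_order all_to_err; do
    printf '%-12s %s\n' "$c" "$(run_case "$c")"
done
```

In the `wrong_order` row the summary line ends up on STDOUT instead of being discarded, which is why `> /dev/null 2>&1` is the order to use when silencing a command in a script.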

[Tool] Unique Pattern Generator for Exploit Development

CAUTION: I have realised that this script gives wrong results after a certain length of characters. It’s not recommended for use. The intention for this script was for me to learn some coding – which I have. But I haven’t got the time at the moment to fix the errors. Hopefully, sometime in the future, I’ll be able to re-write the code. You can use corelanc0d3r’s pvefindaddr.py, which is an excellent script for Immunity Debugger.

Update: Thanks to corelanc0d3r for pointing out that my script does not generate the same output as the Metasploit and pvefindaddr scripts. This is useful, as pointed out by him, to anyone wishing to mix the outputs/offsets between the tools. I have made relevant changes to the code and also fixed another bug which prevented all offsets from being calculated.

While developing exploits, you sometimes need a unique string in which any 4 consecutive characters are unique across the string (or repeat only after a large gap of characters). This is mostly used to find the ‘offset’ of the characters that have overwritten the EIP register.

Metasploit (version 3.0+) has a tool for both:
1) to generate the string pattern (tools/pattern_create.rb)
2) to find the offset of the required pattern (tools/pattern_offset.rb)