Fuzzing in action

Let's take a basic code written in C, that takes a user input and displays it on the terminal:

#include <stdio.h>#include <unistd.h>int vuln() {       char arr[400];    int return_status;      printf("What's your name?\n");    return_status = read(0, arr, 400);        printf("Hello %s", arr);        return 0;}int main(int argc, char *argv[]) {    vuln();    return 0;}ssize_t read(int fildes, void *buf, size_t nbytes);

The following table explains the fields used in the preceding code block:

Field Description
int fildes The file descriptor of where to read the input. You can either use a file descriptor obtained from the open (http://codewiki.wikidot.com/c:system-calls:open) system call, or you can use 0, 1, or 2, to refer to standard input, standard ...

Get Hands-On Penetration Testing with Python now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.