
Security-Oriented C Tutorial 0x0B - User Input

Dec 22, 2015 12:43 PM

Hey readers! This tutorial will be the entry point for the introduction of buffer overflows. Something like requesting user input is a very common place for vulnerabilities to pop up and we will definitely have fun while trying to make programs crash. But for now, let's start with how we can get input from a user.

Scanf - Requesting Input

In the previous tutorial, we used the scanf man page. If you have read the page, then you will know what's going on. I will say again that I will no longer be explaining what functions do in detail unless they are ones that I have made myself (we will be covering functions in a later tutorial).

Similar to printf, we can provide a format specifier to determine what kind of input we want (an integer, a character, a string, etc.), and we pass one additional parameter, a variable, for each format specifier. scanf reads from the console, converts the input to the appropriate data type, and stores it in our variable. The difference between printf's and scanf's variable parameters is that, for scanf, the variable must be prepended with the address-of operator (&). The only case where you do not need the address-of operator is when the variable is a character array. The reason for both of these phenomena will be presented in a tutorial on pointers and addresses.

Let's write some code to illustrate this.

Example Code

Code snippet demonstrating basic C programming with input/output functions.

Note: Do not put newline characters in the string parameter of scanf like you would do in printf.

Here we ask the user to enter in a number to be stored in the num variable and a string to be stored in the string variable.

Compiling and Running

Terminal interface displaying a C program's input and output process.

Works perfectly!

Gets - Requesting String Input

Besides the scanf function, there exists another function specifically for obtaining strings from the user. Let's see it in code.

Example Code

C programming code snippet with input and output functionality.

We can use the gets function to get a string from the user through the console and store it into the string variable.

Compiling and Running

Code compilation and execution output in a terminal window displaying "Hello, World!" message.

Nothing wrong with that... Or is there...?
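Both ways of reading input described above, written with explicit length limits. This is an added example, not the tutorial's own code: the names read_num_and_word, read_line and BUF_LEN are assumptions, the functions take a FILE * so that stdin can be swapped for a test file, and fgets stands in for gets, which was removed from the language in C11.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN 16  /* assumed buffer size for this example */

/* Reads "<number> <word>" the way the scanf example does. The int is passed
 * with & at the call site, the char array is not. Returns items converted. */
int read_num_and_word(FILE *in, int *num, char word[BUF_LEN])
{
    /* %15s stores at most 15 characters plus the terminating NUL,
     * so the 16-byte buffer cannot be overrun. Keep it BUF_LEN - 1. */
    return fscanf(in, "%d %15s", num, word);
}

/* Bounded stand-in for gets(): reads one line into buf.
 * Returns 0 if the line fit, 1 if it was cut short, -1 on EOF/error. */
int read_line(FILE *in, char *buf, size_t len)
{
    int c, truncated = 0;
    size_t n;
    if (fgets(buf, (int)len, in) == NULL)
        return -1;
    n = strcspn(buf, "\n");
    if (buf[n] == '\n') {           /* the whole line was stored */
        buf[n] = '\0';
        return 0;
    }
    /* No newline stored: drop the rest of the line so it does not
     * leak into the next read, and report whether anything was lost. */
    while ((c = fgetc(in)) != EOF && c != '\n')
        truncated = 1;
    return truncated;
}

int main(void)
{
    int num, rc;
    char string[BUF_LEN];
    printf("Enter a number and a word: ");
    if (read_num_and_word(stdin, &num, string) != 2)
        return 1;
    printf("num = %d, string = %s\n", num, string);
    read_line(stdin, string, sizeof string);  /* drop rest of that line */
    printf("Enter a line: ");
    if ((rc = read_line(stdin, string, sizeof string)) < 0)
        return 1;
    printf("line = %s%s\n", string, rc ? " (cut short)" : "");
    return 0;
}
```

Input longer than the buffer is cut at 15 characters and reported instead of being written past the end of the array.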

Conclusion

Again, play around with these functions, do some crazy things people won't ever even think of. Just go wild with it! Next tutorial I will be introducing the buffer overflow vulnerability to you guys and I will also demonstrate what can happen when getting user input goes horribly, horribly wrong!

dtm.
