How to pass \x00 as argument to program?

Question

I have a small program where I wish to pass shellcode as argument. In the shellcode, there is a necessity to pass \\x00. I tried the following command:

./pro         


        

Answer 1

If you check with wc, you'll find that the NUL character is indeed passed:

$ python -c 'print "\x00"' | wc -c
2

To get rid of the newline at the end:

$ python -c 'import sys; sys.stdout.write("\x00")' | wc -c
1

This data is passed to the script, but the problem is that NUL can not be part of a variable value.

To see how, try to pass this to a script:

$ cat test.sh 
#!/usr/bin/env bash
echo ${#1}
$ ./test.sh "$(python -c 'import sys; sys.stdout.write("\x00")')"
0

Gone. But there's a way to save the day - Read from standard input, using either redirection or a pipe:

$ cat test2.sh 
#!/usr/bin/env bash
wc -c
$ ./test2.sh < <(python -c 'import sys; sys.stdout.write("\x00")')
1
$ python -c 'import sys; sys.stdout.write("\x00")' | ./test2.sh
1