Results 1 to 5 of 5

Thread: Play around with "stdin" and "stdout"

  1. #1
    Very good friend of the forum Virchanza's Avatar
    Join Date
    Jan 2010
    Posts
    863

    Default Play around with "stdin" and "stdout"

    stdin = Standard Input (the information you give to a program while it's running). By default, this is connected to your keyboard.

    stdout = Standard Output (the information you get from a program while it's running). By default, this is connected to the terminal you're using on-screen.

    Typically, there's two ways of supplying a program with input. The first one is stdin. Here's an example of how stdin would be used by a program:

    Code:
    Please enter your username: (you type your username here and it goes into stdin)
    Please enter your password: (again it goes into stdin)
    There's one other way though of giving info to a program, and that's by giving it command Line arguments whereby you specify extra stuff at the command line before the program actually starts to run, an example would be:

    Code:
    iwconfig wlan0 essid MyNet key off
    In this example, the program name is "iwconfig" and the command line arguments are "wlan0 essid MyNet key off".

    Just to be clear from the very beginning: The arguments you supply at the command line do not go to stdin. stdin is a different thing altogether. stdin gets the input you give to a program after it has started running, for instance if the program asks you for your username and password, then the stuff you type in goes into stdin.

    So if you're writing your own program that needs to take input from the user, you've got two options: Command line arguments or stdin. Of course you can do some fancy like write a GUI program, but we're gonna stick to the basics here.

    Now on to output. You can write output to stdout, and by default it gets printed on the screen. In my original example above, the text "Please enter your username: " would get printed to the screen by sending the text to stdout.

    Before I being with the following example, I have to be honest and say I've never had much of an interest in making big dictionary files for doing password cracking, but I do find it fun to write the programs that make the dictionary files (I think there's a diagnosis of Aspergers in there somewhere ).

    Moving on...

    The great thing about the Linux terminal is you can redirect stdin and stdout. The output of one program can become the input for another program.

    For this example, I'm going to write two different programs to do with creating dictionary files. First of all though, I wanna start off with a small dictionary file as follows, here's "in.txt":

    Code:
    cat
    dog
    frog
    If we want this file to become the input to a program called "appnum", then we do the following at the terminal:

    Code:
    cat in.txt | ./appnum
    This is referred to as "piping", we say that we're piping the output of the cat command into the appnum command (as if the text is going through a pipe between the two programs).

    So now let's write a very small C program called "Append Numbers", its purpose is to append the numbers 0 through 9999 to every line of text it gets from stdin. This program does not take any command line arguments, and you know this because the "main" function has "void" as its parameter list. (If you want to take command line arguments you need to write the main function signature as follows:
    int main(int argc, char **argv)).

    So here's appnum.c:

    Code:
    #include <stdint.h>   /* For types such as uint_fas8_t */
    #include <stdio.h>    /* printf */
    #include <string.h>   /* strlen */
    
    void PrintCombos(char const *const str)
    {
        uint_fast16_t i = 0;
    
        for (i = 0; i != 10000u; ++i)
        {
            printf("%s%u\n",str,i);
        }
    }
    
    int main(void)
    {
        char line[62]; /* 59 for password from file
                          4 for the numbers we're gonna append,
                          1 for new line character,
                          1 for null terminator */
    
        while ( fgets(line,sizeof line,stdin) )
        {
            uint_fast8_t const index_of_final_char = strlen(line) - 1;
    
            /* If there's a new line at the end of the password, get rid of it */
            if (line[index_of_final_char] == '\n')
            {
                line[index_of_final_char] = '\0';
            }
    
            PrintCombos(line);
        }
    
        return 0;
    }
    You can copy this code into a file called "appnum.c", and then compile it as follows:

    Code:
    gcc appnum.c -D NDEBUG -O3 -s -o appnum
    You gotta remember, this program doesn't take any command line arguments, so you need to give it information via stdin after the program has started running. A handy way of supplying it with one line of text at the command line is as follows:

    Code:
    echo iliketowatch | ./appnum
    Or you can shove a dictionary file into it as follows:

    Code:
    cat in.txt | ./appnum
    As you can see if you run this, the output gets printed to the screen (because stdout gets sent to the screen by default). If you want it to go to a file instead, then do:

    Code:
    cat in.txt | ./appnum > out.txt
    This is another form of piping, we use ">" to take the output of a program and create a text file from it.

    You can use the Kate text viewer to check how the output file looks:

    Code:
    kate out.txt &

    ------------------------------------
    To read more, scroll down to post #3 in this thread, I had to split it up coz I was having problems with posting.
    ----------------------------------------
    Ask questions on the open forums, that way everybody benefits from the solution, and everybody can be corrected when they make mistakes. Don't send me private messages asking questions that should be asked on the open forums, I won't respond. I decline all "Friend Requests".

  2. #2
    Junior Member
    Join Date
    Mar 2006
    Posts
    28

    Default

    Quote Originally Posted by Virchanza View Post
    To the admins: Please don't delete this thread, I'll edit this article when I get home.
    I look forward to what you have to say. Maybe we can stop hijacking the crunch thread with this discussion

    *Post edited with firefox to see if it works

  3. #3
    Very good friend of the forum Virchanza's Avatar
    Join Date
    Jan 2010
    Posts
    863

    Default

    But the fun doesn't stop there. You can string a load of different programs together.

    Here's a slightly more complicated C program, its purpose is to get all the uppercase and lowercase combinations of every line of text it gets from stdin. Again, this program does not take any command line arguments, instead it reads from stdin. You can copy the following text into "updown.c":

    Code:
    For some unknown reason I can't post the code here,
    I'm getting a webserver error when I try to post the code.
    
    Anyway you can see the source code here:
    
    http://virjacode.com/uplow.txt
    Compile as follows:

    Code:
    gcc updown.c -D NDEBUG -O3 -s -o updown
    You can try it out with one word as follows:

    Code:
    echo dog | ./updown
    Or give it a dictionary file as follows:

    Code:
    cat in.txt | ./updown
    The real fun comes though when you string a load of programs together, such as the following:

    Code:
    cat in.txt | ./updown | ./appnum
    The great thing about this is that you don't need to create a ginormous dictionary file on your hard disk. You can take the final output and pipe it into your favourite brute force program:

    Code:
    cat in.txt | ./updown | ./appnum | cowpatty -d - -r wpa-01.cap -s NETGEAR
    stdin and stdout are the best thing since sliced bread
    Ask questions on the open forums, that way everybody benefits from the solution, and everybody can be corrected when they make mistakes. Don't send me private messages asking questions that should be asked on the open forums, I won't respond. I decline all "Friend Requests".

  4. #4
    Very good friend of the forum Virchanza's Avatar
    Join Date
    Jan 2010
    Posts
    863

    Default

    Shameless *bump* *bump* *bump* coz I finally managed to write something in this thread.

    Note to the admins: I think the reason I've had trouble posting is something to do with code blocks (i.e. where you write "code" in square brackets and then write some source code), I don't think they're working properly on the forums. For instance if I try to post the source code for "uplow.c", I get the usual webserver error that says the POST method isn't allowed to "edit.php".
    Ask questions on the open forums, that way everybody benefits from the solution, and everybody can be corrected when they make mistakes. Don't send me private messages asking questions that should be asked on the open forums, I won't respond. I decline all "Friend Requests".

  5. #5
    Junior Member
    Join Date
    Mar 2006
    Posts
    28

    Default

    I do something similar for my targeted brute force attacks. For example if I want to run John the Ripper's incremental mode which uses markov models, but add a little logic I just use

    Code:
    ./john -incremental=Alpha -session=i_alpha -stdout | ./middleChild -cap first -append s1d1 | ./john -stdin -format=raw-MD5 ./targethashes.txt
    Using this John the Ripper outputs a markov model generated alpha string, and my script takes it, capitalizes the first letter and adds one special character followed by one digit to the end. Aka it makes guesses like "Myguess!2". I then pipe the guesses back into John the Ripper to actually try and crack the password. You have to use the -session option on one of the JtR instances otherwise they both try to write to the same crash protection file.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •