I am currently playing with format string attacks in C. I have a toy program that prints (to stdout) the address of a variable that I want to access, then accepts a line from stdin and printfs it..
Using Turtle, I'd like to be able to:
- execute the program
- parse the first few lines of
stdoutto retrieve the address - using the address, craft a format string for
printf(I know how to do this bit) - write the attack string to
stdin
However, I can't see how to do this. Using a function like inshell :: Text -> Shell Line -> Shell Line, I can supply some lines to stdin and get back a stream from stdout. However, I don't know how to inject new lines to stdin after having read a couple of lines from stdout.
If your goal is to test your program which performs IO you can use
shelltestrunner(project written in Haskell) if you want to test I/O scenarios for every project (non necessarily written in Haskell).