Collaborate Disseminate
I have this code which has a format string vulnerability in it:
#include <stdio.h>
int main() {
char buf[1024];
char secret1[64];
char flag[64];
char secret2[64];
// Read in first secret menu item
FILE *fd = fopen(&quo… Continue reading why is an allocated buffer stored on the stack and the heap?
I’m learning binary exploitation with the picoCTF challenges. I solved Stonks, but I’m trying to learn more about how the stack works.
What I did was the following:
checked out the source, here is the vulnerable snippet
int buy_stonks(Po… Continue reading String format exploit works differentely on my machine than on remote target
The following code should be exploited and I need to exploit it in such a way that it runs my command (l33t) and there should be shellcode and exploit included, so that it runs my command. I believe I need to use GDB and it has something t… Continue reading How can I exploit the following code using string format vulnerabilities, Global offset table & GDB? [closed]
Can a non-sanitized user input result in a vulnerability if passed to System.out.printf (Or any equivalent function that takes a format)?
Example:
public class Demo {
public static void main(String[] args) {
String userInput = … Continue reading Format string vulnerability in Java?
How to easily, non-programming, non-third-party way to reduce size of all:
dates and time
Images
Headers
Doing so helps those read essential information within MHT document from Steps Recorder.
As example, Windows Steps Recorder is showi… Continue reading How to reduce font size for all images, dates and times in Microsoft MHT document? [migrated]
I am not familiar with Python. I found lots of places talking about the format string issue in python. To understand its impact, I created a very simple test code:
# assume this CONFIG holds sensitive information
CONFIG = {
"KEY&q… Continue reading Is format string still an issue in Python?
I am scanning my website
sqlmap -u http://127.0.0.1/form –forms –random-agent –data="password=NotEmpty" –batch -t logtraffic.txt
yet if I open logtraffic.txt I get
VIEWSTATE=FilledWithCorrectValue&VIEWSTATEGENERATOR=Fill… Continue reading sqlmap form data is empty
Given the following code, how do I exploit the format string bug to change the string key_in_global to "Verysecure" with a capital V? How would I exploit it to change the string to "verysecure?"?
// gcc -g -m32 -no-pie … Continue reading Given the following C code, how do I exploit the format string bug to change the string?
Lets say that:
char name[50]="TEST";
printf("%s",name);
Here in the code, the %s just says that the variable is a string. But why when we print out user inputs, the %s suddenly change meaning? What’s the difference bet… Continue reading C++: How does format string vulnerability work?
[As part of a ctf] I am trying to exploit a remote server through a tcp connection. The server is using snprintf() and provides user input as the formatting string. My goal is to dump the stack. Determine the address on the stack of a vari… Continue reading C – Remote string format attack exploit – %n Does not seem to write anything on the stack