Collaborate Disseminate
[As part of a ctf] I am trying to exploit a remote server through a tcp connection. The server is using snprintf() and provides user input as the formatting string. My goal is to dump the stack. Determine the address on the stack of a vari… Continue reading C – Remote string format attack exploit – %n Does not seem to write anything on the stack
Suppose that we have this code (in TypeScript syntax):
function one(str: string): string {
// do something with the string
return str
}
function two() {
let s = getSomeString() // returns some unknown string that may contain surroga… Continue reading A runtime sometimes converts string arguments (or string returns) from WTF-16 to UTF-16 between functions in a call stack. Is this a security concern?
I recently saw a CTF challenge application (elf x86_64) on Linux environment, vulnerable to several attacks including format string, because the complexity of the full exploit, I don’t want to say too much about, I saw someone who use some… Continue reading How to use %n formatter in format string [closed]
I’m trying to solve a problem on format string exploitation in which I have to overwrite anything in a specific address. Since the target address has a null byte at the begining, I need to write it at the end of the format string, and I wa… Continue reading How to read memory from format string exploit correctly
So I hope I’m phrasing this right. I’m trying to exploit a piece of c code which you can see below.
#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>
int user_age;
void secretClub(){
… Continue reading Can you perform a buffer overflow and a format string attack at the same time?
Background
A while ago I started using F strings in Python but remembered seeing some security concerns with using them with user input so I have made a point of not using them for those situations.
Question
Are there security concerns to … Continue reading Are there any Security Concerns to using Python F Strings with User Input
I’m new to Software security and I’m studying it now at the university.
I had some doubts about the Format String exploit, in particular how to count the length (in number of bytes) of a format string exploit.
Suppose that I have the follo… Continue reading Format string exploit length
I’m doing a CTF exercise here:
https://c-wars.acnr.se/download/level2.tgz
There is a docker with the vulnerable service, which I need to found the value of a variable. I was able to do it by the following input:
== Login Service 1.0 ==
… Continue reading How to send a string format exploit through socket
I’m learning about format string exploits, and am attempting to use one on an example program to overwrite the .fini_array section in virtual memory with a stack address containing shellcode (and hence redirect execution to the shellcode o… Continue reading Writing to .fini_array
I am aware that Format String Attacks work by having a vulnerable function which allows the user to read values from the stack using %x and write by using %n.
Since one of the goals of a Format String Attack can be to overwrite the addre… Continue reading Does StackGuard prevent Format String Attacks