Learn the basics of exploiting format string attacks
- %x: print hex
- %d: print decimal
- %s: print string given pointer to string on stack
- %n: store number of characters printed thus far into a pointer on the stack
How to Run this meeting
- This concept is best explained with first explaining a little, and then introducing a challenge
- First talk about how printf works, then give a simple challenge, then introduce more advanced concepts, etc.
- The challenges should begin with simply using %s to print a string, then using %x a few times to see the stack, then $n%x to print a specific offset, and finally using %n to overwrite information.
This week’s meeting will be covering format string vulnerabilities in the C printf function. If a program allows you to specify a format string argument to a printf call, you can do all sorts of stuff, from redirecting program flow to overwritting arbitrary memory locations!