At first we realize that there is a format string vulnerability by which we can leak the memory addresses of the stack and thus bypassing ASLR. After a few attempts we see that in position %10$p we leak memory address of the stack and at minus 0x20 it would be the pointer of name whose test content we entered was "AAAA". The next step is to create our exploit that makes the leak using pwntools l..
Writeup - From Format String to Buffer OverflowPKTeam Recon First of all we see the protections of the binary. We have several problems. We can not execute code in the stack such as a shellcode due to NX, we can not overflow without having a canary leak and if we want to attach with gdb we have to bypass PIE as if we want to do ROP (Return-Oriented Programming). We also need leak of a function t..
- Total
- Today
- Yesterday
- canary
- Call oriented programming
- x64dbg
- stack pivot
- XSS
- return oriented programming
- cracking
- leak libc
- open-redirect
- ASM
- hijacking redirection flow
- use after free
- theFaunia course
- arithmetic overflow/underflow
- GOT Dereferencing/Overwriting
- write primitive
- pwnable.tw
- shellcode
- buffer overflow
- dnspy
- Pwnable.kr
- Backdoors
- format string
- html injection
- fake stack frame
- 32Bit
- pwnable.xyz
- leak stack memory address
- Windows
- one gadget
일 | 월 | 화 | 수 | 목 | 금 | 토 |
---|---|---|---|---|---|---|
1 | 2 | 3 | 4 | |||
5 | 6 | 7 | 8 | 9 | 10 | 11 |
12 | 13 | 14 | 15 | 16 | 17 | 18 |
19 | 20 | 21 | 22 | 23 | 24 | 25 |
26 | 27 | 28 | 29 | 30 | 31 |