Protostar Format0 Walkthrough

Walkthrough

Hello Guyz, Today, Here I am going to share with you my walkthrough exploitation research, tools Stuff and Exploit That Can help you in completing Exploit-Exercise Protostar Level.

Basically, My Goal is Just to provide you hints, so that you can Understand all concepts on your own.

But If still after reading this hint post, you are not understanding concepts clearly and want to see Exploit Code And Other Details then you can visit my blog posts. click here

Source Code

#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>

void vuln(char *string)
{
  volatile int target;
  char buffer[64];

  target = 0;

  sprintf(buffer, string);
  
  if(target == 0xdeadbeef) {
      printf("you have hit the target correctly :)\n");
  }
}

int main(int argc, char **argv)
{
  vuln(argv[1]);
}

Hints

This level introduces format strings, and how attacker supplied format strings can modify the execution flow of programs.

Hints

    This level should be done in less than 10 bytes of input.
    “Exploiting format string vulnerabilities”

This level is at /opt/protostar/bin/format0

Plan

As we know:
     printf family function can be exploit with format string vulnerability if programmer don't used these function carefully.

    | String Buffer                            |

Step 1:
    --------------------------------------------
    |  AAAAAA %x%x%x%x%x%x%x%x%x%x%x%x          |
    --------------------------------------------
	%x will print arguments from the top of stack
	check exact padding between the starting of our string Onto the top of stack through printf vulnerability %x

Step 2:
	%5$x : Here, $ sign helps in selecting exact index of string. so, we can use this advantage.
	%5$n : n, expression can write number of bytes onto pointing address.
	
    --------------------------------------------
    |  Address1, Address2 %number_of_bytesx%1$n %number_of_bytesx%2$n          |
    --------------------------------------------
	

For Working Exploit Script And Other Complete Details. Check here


Thanks For Visiting

Have a nice day.

Written on May 11, 2018