Protostar/Format 4

If you get stuck, you can watch the solution and explanation here:

In this episode we combine the last two videos. Format String + overwriting an entry of the Global Offset Table to solve format4 from exploit-exercises.com.

%p format4 looks at one method of redirecting execution in a process.

Hints:

objdump -TR is your friend
This level is at /opt/protostar/bin/format4

format4.c

#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>

int target;

void hello()
{
  printf("code execution redirected! you win\n");
  _exit(1);
}

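void vuln()
{
  char buffer[512];

  /* Read at most 511 bytes from stdin; no buffer overflow here. */
  fgets(buffer, sizeof(buffer), stdin);

  /* Intentional bug for this level: user input is used as the format string. */
  printf(buffer);

  exit(1);
}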

int main(int argc, char **argv)
{
  vuln();
}
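
For comparison with vuln() above, here is an added example (not part of the original level or its mirror) showing a hardened counterpart. It assumes the hypothetical names count_directives and vuln_fixed: the input is written with a constant format string, and any format directives found in it are reported on stderr so the attempt is visible in logs.

```c
/* Build (assumed file name): gcc -Wformat -Wformat-security -Wl,-z,relro,-z,now fixed.c
 * Full RELRO (-z relro -z now) maps the GOT read-only once startup relocation is done. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Count printf-style directives in s; set *has_n if one of them is %n.
 * "%%" is a literal percent sign and is not counted. */
int count_directives(const char *s, int *has_n)
{
    int count = 0;
    *has_n = 0;
    while ((s = strchr(s, '%')) != NULL) {
        s++;
        if (*s == '%') { s++; continue; }
        /* positional index, flags, width, precision, e.g. "4$", "-08.3" */
        while (*s && (isdigit((unsigned char)*s) || strchr("$#-+ 0.*'", *s)))
            s++;
        while (*s && strchr("hlLqjzt", *s))   /* length modifiers */
            s++;
        if (*s == '\0') break;                /* truncated directive at end of input */
        if (*s == 'n')
            *has_n = 1;
        count++;
        s++;
    }
    return count;
}

/* Hardened counterpart of vuln() (hypothetical name): input is only ever data. */
int vuln_fixed(FILE *in, FILE *out)
{
    char buffer[512];
    int has_n, n;

    if (fgets(buffer, sizeof(buffer), in) == NULL)
        return -1;
    n = count_directives(buffer, &has_n);
    if (n > 0)
        fprintf(stderr, "input contains %d format directive(s)%s\n",
                n, has_n ? ", including %n" : "");
    fputs(buffer, out);   /* or printf("%s", buffer): constant format string */
    return n;
}

int main(void)
{
    return vuln_fixed(stdin, stdout) < 0;
}
```

The scanner is a logging aid only; the fix itself is the constant format string, with full RELRO as defence in depth for the GOT.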

See also

Solving format1 from exploit-exercises.com with a simple Format String vulnerability, exploited with %n.

In this video we will introduce how shared libraries like libc are used by C programs. Specifically we will look at the Global Offset Table and the Procedure Linkage Table.

This is a mirror. Copyright and original can be found here: exploit-exercises.com/protostar/format4/