Protostar/Format 4

If you get stuck, you can watch the solution and explanation here:

0x13 - Format String Exploit and overwrite the Global Offset Table

In this episode we combine the last two videos. Format String + overwriting an entry of the Global Offset Table to solve format4 from exploit-exercises.com.

%p format4 looks at one method of redirecting execution in a process.

Hints:

objdump -TR is your friend
This level is at /opt/protostar/bin/format4

format4.c

#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>

int target;

void hello()
{
  printf("code execution redirected! you win\n");
  _exit(1);
}

void vuln()
{
  char buffer[512];

  fgets(buffer, sizeof(buffer), stdin);

  printf(buffer);

  exit(1);   
}

int main(int argc, char **argv)
{
  vuln();
}

0x11 - A simple Format String exploit example

Solving format1 from exploit-exercises.com with a simple Format String vulnerability, exploited with %n.

0x12 - Global Offset Table (GOT) and Procedure Linkage Table (PLT)

In this video we will introduce how shared libraries like libc are used by C programs. Specifically we will look at the Global Offset Table and the Procedure Linkage Table.

This is a mirror. Copyright and original can be found here: exploit-exercises.com/protostar/format4/

Protostar/Format 4

0x13 - Format String Exploit and overwrite the Global Offset Table

format4.c

0x11 - A simple Format String exploit example

0x12 - Global Offset Table (GOT) and Procedure Linkage Table (PLT)

Levels

Stack 0

Stack 1

Stack 2

Stack 3

Stack 4

Stack 5

Stack 6

Stack 7

Format 0

Format 1

Format 2

Format 3

Format 4

Heap 0

Heap 1

Heap 2

Heap 3

Net 0

Net 1

Net 2

Final 0

Final 1

Final 2