How to write simple format string exploits
“Your wish is my command.”
Taught by: Peter Zsiros
Length: 6 hours
Do you always validate your input?
"Format string exploit occurs when the submitted data of an input string is evaluated as a command by the application. In this way, the attacker could execute code, read the stack, or cause a segmentation fault in the running application, causing new behaviors that could compromise the security or the stability of the system." - Source: The OWASP Foundation
In this course we will write a simple 32-bit format string exploit for a sample application (no DEP bypass, no ASLR, no stack cookie, etc.). Through this step-by-step procedure you will understand how format string exploits work. By the end of the course you will be able to write a simple format string exploit on your own and will have the basis to move on to writing more advanced exploits.
Join this course and go deeper into exploit development.
Live instructor-led course
This is a live course, so you will work simultaneously with the trainer and the other students and will be able to ask questions.
Programmers, security specialists
We will run a maximum of 2 virtual machines simultaneously. Recommended minimum: 8GB memory (2GB for each virtual machine, with the remaining 4GB for the host) and about 40GB of disk space for the virtual machines.
You will be able to write simple format string exploits
Session 1 - Format string exploit against a sample application
Finding the vulnerability in source code, writing the exploit.
Session 2 - Format string exploit against a real application
Finding the vulnerability with a fuzzer, writing the exploit.