How to write simple format string exploits
“Your wish is my command.”
Taught by: Peter Zsiros
Length: 6 hours
Get notified via email
when it is available
Do you always validate your input?
"Format string exploit occurs when the submitted data of an input string is evaluated as a command by the application. In this way, the attacker could execute code, read the stack, or cause a segmentation fault in the running application, causing new behaviors that could compromise the security or the stability of the system." - Source: The OWASP Foundation
In this course we will write a simple 32 bit format string exploit for a sample application (no DEP bypass, no ASLR, no stack cookie, no etc.). Through this step-by-step procedure you will understand the working of format string exploits. By the end of the course you will be able to write a simple format string exploit on your own and will have the basis to move on and start writing more advanced exploits.
Join this course and go deeper into exploit development.
This course is part of our exploit writing live training series.
Other hacking courses from the same trainer, Peter Zsiros.
Programmers, security specialists
We will run maximum 2 virtual machines simultaneously, recommended minimum 8GB memory (2GB for each, and 4 remains to host), about 40GB disk space for virtual machines.
You will be able to write simple format string exploits
Section 1 - Format string exploit against a sample application
Finding the vulnerability in source code, writing the exploit.
Section 2 - Format string exploit against a real application
Finding the vulnerability with fuzzer, writing the exploit.