Basics of format string exploit writing

Basics of format string exploit writing

How to write simple format string exploits

“Your wish is my command.”

Taught by: Peter Zsiros

Length: 6 hours

Coming soon...

Get notified via email
when it is available

Do you always validate your input?

"Format string exploit occurs when the submitted data of an input string is evaluated as a command by the application. In this way, the attacker could execute code, read the stack, or cause a segmentation fault in the running application, causing new behaviors that could compromise the security or the stability of the system." - Source: The OWASP Foundation

In this course we will write a simple 32 bit format string exploit for a sample application (no DEP bypass, no ASLR, no stack cookie, no etc.). Through this step-by-step procedure you will understand the working of format string exploits. By the end of the course you will be able to write a simple format string exploit on your own and will have the basis to move on and start writing more advanced exploits.

Join this course and go deeper into exploit development.

This course is part of our exploit writing live training series.


Other hacking courses from the same trainer, Peter Zsiros.

  • + Recommended for

    Programmers, security specialists

  • + Prerequisites

    Programming basics

  • + Technical requirements

    We will run maximum 2 virtual machines simultaneously, recommended minimum 8GB memory (2GB for each, and 4 remains to host), about 40GB disk space for virtual machines.

  • + Acquired skills

    You will be able to write simple format string exploits

Curriculum and videos

Section 1 - Format string exploit against a sample application

Finding the vulnerability in source code, writing the exploit.

Section 2 - Format string exploit against a real application

Finding the vulnerability with fuzzer, writing the exploit.