
Examples of FSB exploitable binaries that can be used to practice FSB.


Caesurus/how2fsb


how2fsb

Format String Bugs (FSB) and tutorials on how to exploit them. Now updated to use python3! And tested on Ubuntu 20.04.

A Format String Bug occurs when an application passes user input directly to printf() as the format string argument, e.g.:

    fgets(buffer, BUF_LEN, stdin);
    printf(buffer);

This allows the user to do all sorts of fun stuff.
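For contrast with the `printf(buffer)` pattern above, here is an added example (not code from this repository) showing the hardened call with a constant format string, plus a small check that flags conversion directives in untrusted input. The names `safe_echo` and `count_directives` and the sample input are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hardened echo: untrusted text is an argument to a constant "%s" format,
 * so conversion specifiers inside it are copied out literally. */
int safe_echo(char *out, size_t out_len, const char *untrusted)
{
    return snprintf(out, out_len, "%s", untrusted);
}

/* Hypothetical detection helper: count printf-style conversion directives
 * in untrusted input and report whether any is %n (the write-capable
 * directive). "%%" is a literal percent sign and is not counted. */
int count_directives(const char *s, int *has_n)
{
    int count = 0;
    *has_n = 0;
    for (size_t i = 0; s[i] != '\0'; i++) {
        if (s[i] != '%')
            continue;
        i++;
        if (s[i] == '%')
            continue;                   /* escaped percent sign */
        /* skip flags, width, precision, positional "N$", length modifiers */
        while (s[i] != '\0' && strchr("0123456789$#-+ .*'hlLqjzt", s[i]))
            i++;
        if (s[i] == '\0')
            break;                      /* dangling '%' at end of input */
        if (strchr("diouxXeEfFgGaAcspn", s[i])) {
            count++;
            if (s[i] == 'n')
                *has_n = 1;
        }
    }
    return count;
}

int main(void)
{
    /* Constructed sample input, not taken from the repository's levels. */
    const char *input = "hello %x %5$s 100%% %hn";
    char out[64];
    int has_n;
    safe_echo(out, sizeof out, input);
    printf("echoed literally: %s\n", out);
    int n = count_directives(input, &has_n);
    printf("directives: %d, contains %%n: %d\n", n, has_n);
    return 0;
}
```

Building with GCC's `-Wformat -Wformat-security` also reports the `printf(buffer)` pattern at compile time.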

This repo contains examples of Format String Bug exploitable binaries that can be used to learn and practice. All these binaries are 32-bit, compiled on Ubuntu 16.04.

Suggested Order: Complete the tutorial in the playground section. This will give an in-depth, hands-on guide on how to exploit Format String Bugs. After that, try to solve levels 1-5.

Please check this out to get a rundown of all the different things you can do with FSB (step by step guide). There is an interactive script that will let you attach to the playground application and peek/poke at memory and step through the assembly.

This level was taken directly from the PicoCTF2017 challenge "Ive Got A Secret". It's a great intro into FSB. I downloaded the source and recompiled it.

First write!!! Introduction into using %n or %hn.

Second write. Introduction into actually writing the value you want in a specific location.

This one introduces the concept of updating the GOT to redirect execution to do what we want.

This requires multiple writes to achieve the desired result. You need to utilize all the knowledge gained on levels 1-4 to get the flag.

Required Reading:

https://www.exploit-db.com/docs/28476.pdf

https://crypto.stanford.edu/cs155old/cs155-spring08/papers/formatstring-1.2.pdf
