Protostar – format4

Information %p format4 looks at one method of redirecting execution in a process. Hints • objdump -TR is your friend This level is at /opt/protostar/bin/format4 Source code Solution In this level, I don’t have to overwrite the content of a variable but to redirect the program to the function hello(). The format string vulnerability is ...

Protostar – format3

Information This level advances from format2 and shows how to write more than 1 or 2 bytes of memory to the process. This also teaches you to carefully control what data is being written to the process memory. This level is at /opt/protostar/bin/format3 Source code Solution This is nearly the same code as in the ...

Protostar – format2

Information This level moves on from format1 and shows how specific values can be written in memory. This level is at /opt/protostar/bin/format2 Source code Solution This time the variable ‘buffer’ can’t be overloaded due to the using of : fgets(buffer, sizeof(buffer), stdin); But the program is vulnerable to format string because of this : printf(buffer); ...

Protostar – format1

Information This level shows how format strings can be used to modify arbitrary memory locations. Hints • objdump -t is your friend, and your input string lies far up the stack 🙂 This level is at /opt/protostar/bin/format1 Source code Solution This level introduces format string vulnerability and exploitation. The vulnerability lands here : printf(string); The ...

Protostar – format0

Information This level introduces format strings, and how attacker supplied format strings can modify the execution flow of programs. Hints • This level should be done in less than 10 bytes of input. • “Exploiting format string vulnerabilities” This level is at /opt/protostar/bin/format0 Source code Solution This level is not really about a format string ...