Blind Format String Exploits


aturt13 Dojo.

Exploiting format string vulnerabilities may seem challenging at first, but such a vulnerability essentially gives an attacker both arbitrary read and arbitrary write primitives. Once those primitives are obtained, code execution is just one step away. However, what happens when the output of the format string is not visible?



Challenges

Use a blind format string exploit to overwrite a GOT entry to gain code execution.

What you see is all there is. What if you can't see anything? Use a blind format string exploit to perform ROP to gain code execution. Hint: The answer might be 42.

No more bruteforce! Be gentle this time. Can you read using arbitrary write?

