App - System - Format string bug basic 1
I completed this challenge by brute force.
But I do not want to do it this way. I tried debugging (gdb) and the value of the buffer (0xbffffb7c) is "\221\205\004\bp\205\004\b0\204\004\b". But I do not understand what it is. Can anyone explain or point out where I was wrong?
App - System - Format string bug basic 1
You dumped the contents of the buffer before the call to fgets (or at least it looks like you did). You need to inspect the contents after the call, otherwise it’s just whatever happens to be sitting at the address.
I am not able to do this, however. The fopen call fails when I attempt to debug using gdb. Did you run into this issue? I observe that fopen fails and, as a result, the FILE* is set to NULL. So then the code attempts to fgets with a NULL pointer, causing a failure.
App - System - Format string bug basic 1
When you start the program in gdb, the program is not executed with the same permissions as if you just execute the program directly. So the file opening fails because the program permissions are not correct.
App - System - Format string bug basic 1
Hi,
I’m going crazy about this. I can print a string from the args I pass to the file (I printed the args, I printed the strings passed to the fopen() function so I can choose what I’m printing). Can you give me a hint of where I could find the buffer address (which I thought was on the stack, correct me if I’m wrong, like 0x2c from esp)? Apparently this isn’t the right place to search.
Thanks in advance and sorry for the noob I am...
App - System - Format string bug basic 1
The value is on the stack. You can see it if you pass enough format string characters to argv[1]. However, after you find the value (4x8 bits), you will need to convert it from hex to plain, but first re-order it due to little endianness.
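
The re-ordering described in the last reply, as an added example that is not part of the thread: each word printed by `%x` shows its most significant byte first, while on x86 the least significant byte is the one that comes first in memory. The function name `decode_le_words` and the sample words are constructed for illustration and are not the challenge's output.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Rebuild the bytes as they sat in memory from 32-bit words printed with
 * %x / %08x on a little-endian (x86) target. Any non-hex character is
 * treated as a separator. Returns the byte count, or -1 on a word wider
 * than 32 bits or an output buffer that is too small. */
int decode_le_words(const char *leak, char *out, size_t outsz)
{
    size_t n = 0;
    const char *p = leak;

    if (outsz == 0)
        return -1;
    while (*p) {
        if (!isxdigit((unsigned char)*p)) { p++; continue; }
        /* Skip an optional 0x prefix so it is not counted as digits. */
        if (p[0] == '0' && (p[1] == 'x' || p[1] == 'X') &&
            isxdigit((unsigned char)p[2]))
            p += 2;
        char *end;
        unsigned long w = strtoul(p, &end, 16);
        if (end - p > 8)
            return -1;
        /* Lowest-order byte of the word is the first byte in memory. */
        for (int i = 0; i < 4; i++) {
            if (n + 1 >= outsz)
                return -1;
            out[n++] = (char)((w >> (8 * i)) & 0xff);
        }
        p = end;
    }
    out[n] = '\0';
    return (int)n;
}

int main(void)
{
    /* Constructed sample, not the challenge's real output. */
    const char *leak = "534e4f43.43555254.21444554";
    char buf[64];
    int n = decode_le_words(leak, buf, sizeof buf);
    if (n < 0)
        return 1;
    printf("%d bytes: %s\n", n, buf);
    return 0;
}
```

A word printed without zero padding (plain `%x`) still decodes correctly, because the missing leading zeros are the high-order bytes, which come last in memory.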