0x0 App - System

Monday 1 January 2018, 16:02  #1
App - System - Format string bug basic 1

I completed this challenge by brute force.

But I do not want to use this approach. I tried debugging (gdb) and the value of the buffer (0xbffffb7c) is "\221\205\004\bp\205\004\b0\204\004\b". But I do not understand what it is. Can anyone explain or point out where I went wrong?

Sunday 13 May 2018, 05:54  #2

You dumped the contents of the buffer before the call to fgets (or at least it looks like you did). You need to inspect the contents after the call, otherwise it’s just whatever happens to be sitting at the address.

I am not able to do this, however. The fopen call fails when I attempt to debug using gdb. Did you run into this issue? I observe that fopen fails and, as a result, the FILE* is set to NULL. So then the code attempts to fgets with a NULL pointer, causing a failure.

Wednesday 8 August 2018, 20:36  #3

I’m also seeing this. fopen() returns NULL and so fgets fails when I run it in GDB. No such issue when run from the terminal shell. Any clue as to why this happens?

Monday 20 August 2018, 11:40  #4

When you start the program in gdb, the program is not executed with the same permissions as if you just execute the program directly. So the file opening fails because the program permissions are not correct.

Wednesday 5 December 2018, 17:22  #5
Hello Mickael

I’m going crazy over this. I can print a string from the args I pass to the file (I printed the args, I printed the strings passed to the fopen() function, so I can choose what I’m printing). Can you give me a hint of where I could find the buffer address (which I thought was on the stack, correct me if I’m wrong, at something like 0x2c from esp), but apparently this isn’t the right place to search?

Thanks in advance, and sorry for being such a noob...
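Two of the questions in this thread are about reading what gdb shows. The bytes quoted in post #1 are gdb's C-style escaped rendering of raw memory (`\NNN` is an octal byte, `\b` is 0x08, a plain character stands for its own byte), and post #5 asks where the buffer sits relative to esp. The program below is an added example written for this thread, not code from the posts or from the challenge: it decodes gdb's escape notation into little-endian 32-bit words, and, for a word dump taken with `x/Nwx $esp` at the `call printf` instruction under the 32-bit cdecl convention (slot 0 is the format pointer, slot N is what `%N$x` prints), it reports which positional index reaches a marker word. Function names and the sample stack dump are my own; the sample dump is constructed and not taken from the challenge binary. Decoding the string from post #1 gives 0x08048591, 0x08048570 and 0x08048430, three values in the 0x0804xxxx range where a non-PIE 32-bit ELF's code is loaded, which is consistent with post #2's remark that the buffer had not yet been filled.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Decode a string the way gdb's x/s prints it (C-style escapes: \NNN octal,
 * \a \b \t \n \v \f \r \e \\ \" \') into raw bytes. Returns the byte count,
 * or -1 on a malformed escape or if `out` is too small. */
static int gdb_unescape(const char *s, uint8_t *out, size_t outlen)
{
    size_t n = 0;
    while (*s) {
        if (n >= outlen) return -1;
        if (*s != '\\') { out[n++] = (uint8_t)*s++; continue; }
        s++;
        if (*s >= '0' && *s <= '7') {
            /* gdb emits at most three octal digits per escape, so "\2210"
             * is the byte 0221 followed by the character '0'. */
            unsigned v = 0;
            int digits = 0;
            while (digits < 3 && *s >= '0' && *s <= '7') {
                v = v * 8 + (unsigned)(*s++ - '0');
                digits++;
            }
            if (v > 0xff) return -1;
            out[n++] = (uint8_t)v;
            continue;
        }
        switch (*s) {
        case 'a': out[n++] = 0x07; break;
        case 'b': out[n++] = 0x08; break;
        case 't': out[n++] = 0x09; break;
        case 'n': out[n++] = 0x0a; break;
        case 'v': out[n++] = 0x0b; break;
        case 'f': out[n++] = 0x0c; break;
        case 'r': out[n++] = 0x0d; break;
        case 'e': out[n++] = 0x1b; break;
        case '\\': case '"': case '\'': out[n++] = (uint8_t)*s; break;
        default: return -1;
        }
        s++;
    }
    return (int)n;
}

/* Group bytes into little-endian 32-bit words (x86 byte order). A trailing
 * partial word is dropped. Returns the number of complete words. */
static size_t le32_words(const uint8_t *b, size_t n, uint32_t *w, size_t wmax)
{
    size_t count = 0;
    for (size_t i = 0; i + 4 <= n && count < wmax; i += 4)
        w[count++] = (uint32_t)b[i] | (uint32_t)b[i + 1] << 8 |
                     (uint32_t)b[i + 2] << 16 | (uint32_t)b[i + 3] << 24;
    return count;
}

/* gdb escaped string -> little-endian words; 0 words on a malformed input. */
static size_t decode_gdb_dump(const char *escaped, uint32_t *w, size_t wmax)
{
    uint8_t bytes[256];
    int n = gdb_unescape(escaped, bytes, sizeof bytes);
    if (n < 0) return 0;
    return le32_words(bytes, (size_t)n, w, wmax);
}

static size_t decoded_word_count(const char *escaped)
{
    uint32_t w[64];
    return decode_gdb_dump(escaped, w, 64);
}

/* i-th decoded word, or 0 when i is out of range. */
static uint32_t decoded_word(const char *escaped, size_t i)
{
    uint32_t w[64];
    size_t n = decode_gdb_dump(escaped, w, 64);
    return i < n ? w[i] : 0;
}

/* Given a word dump taken at the `call printf` instruction on 32-bit cdecl
 * (words[0] is the format pointer, words[1] the first variadic slot), return
 * the N for which "%N$x" prints `marker`, or -1 if it is not in the dump. */
static int format_index_of(const uint32_t *words, size_t n, uint32_t marker)
{
    for (size_t i = 1; i < n; i++)
        if (words[i] == marker) return (int)i;
    return -1;
}

/* Constructed dump in the shape `x/6wx $esp` would give at the call:
 * slot 0 = format pointer, slots 4-5 = the buffer itself ("AAAA%4$x").
 * Not taken from the challenge binary. */
#define SAMPLE_STACK_WORDS 6
static const uint32_t SAMPLE_STACK[SAMPLE_STACK_WORDS] = {
    0xbffffb7c, 0x00000000, 0x08048570, 0xb7fd2000, 0x41414141, 0x78243425
};

int main(void)
{
    /* The buffer dump quoted in post #1, with the forum's stray spaces removed. */
    const char *dump = "\\221\\205\\004\\bp\\205\\004\\b0\\204\\004\\b";
    size_t n = decoded_word_count(dump);
    for (size_t i = 0; i < n; i++)
        printf("word %zu: 0x%08x\n", i, (unsigned)decoded_word(dump, i));

    int idx = format_index_of(SAMPLE_STACK, SAMPLE_STACK_WORDS, 0x41414141u);
    printf("marker 0x41414141 is read by %%%d$x\n", idx);
    return 0;
}
```

The `format_index_of` convention holds only for a dump taken before the `call` pushes the return address; if you break on `printf` itself, the first variadic slot is at esp+8 and every index shifts by two. The marker trick it automates (put "AAAA" at the start of the buffer, then look for 0x41414141) is the usual way to find where the format string itself lands, which is what post #5 is after.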