Ahh, Stanford. I'm starting a format string binary now.
- https://cs155.stanford.edu/papers/formatstring-1.2.pdf - Exploiting Format String Vulnerabilities
- http://phrack.org/issues/49/14.html#article - Smashing The Stack For Fun And Profit
- http://phrack.org/issues/60/10.html - Basic Integer Overflows
- http://phrack.org/issues/57/9.html#article - Once upon a free().
- http://dl.packetstormsecurity.net/papers/bypass/GOT_Hijack.txt
The only useful stuff from today is how to automatically fill your clipboard with a command line, since pwntools' native paramiko shell doesn't have a nice interactive fallback; I always end up having code in a window and a shell in another. Middle-click for the win.
import subprocess

# xsel with no arguments reads stdin into the X PRIMARY selection (the one middle-click pastes)
p = subprocess.Popen('xsel', stdin=subprocess.PIPE)
p.communicate(bytes(cmd, 'ascii'))  # cmd is the command-line string to put in the clipboard
p.wait()
No flags were gained today. The story of that buffer overwriting itself gets me confused, especially when the payload size has impacts on offsets (: