June 24th, 2005, 01:05 AM
OH! So %17x would go down the memory only once and pad it, I knew that %x would go down the memory by 4 bytes and it seemed obvious that %17x would thus go down by 17*4 = 68 bytes!!
The two...
June 23rd, 2005, 09:34 PM
Ah, some progress!! This is very interesting:
The following 2 commands do the same thing, i.e. print 0x0000bbaa to the memory address.
./fmt_vuln `printf...
June 23rd, 2005, 08:02 PM
nebulus, I'm using Gentoo Linux, not Windows (Why did you assume that :D )
I have already tried viewing stuff using gdb but couldn't get anything. Perhaps its because when I installed Gentoo I put...
June 23rd, 2005, 05:21 PM
Here's the source for fmt_vuln.c
-----------------------------------------
#include <stdlib.h>
int main(int argc, char *argv[])
{
char text[1024];
static int test_val =...
June 23rd, 2005, 04:51 PM
Padding seems most obvious but HOW does it need padding? As I wrote earlier each of the writes (0xaa, 0xbb,...) is two hex digits, which is equal to one byte. Now each memory address can hold one...
June 23rd, 2005, 12:25 AM
I thought about the padding, but the problem with that is that each of the writes (0xaa, 0xbb,...) is two hex digits, which is equal to one byte. Now each memory address can hold one byte. So where...
June 22nd, 2005, 08:48 PM
I found a format string tutorial in a book. Have understood the basic concept, but have a question about one of the examples. The aim is to write the address 0xddccbbaa into a static int variable...
June 22nd, 2005, 03:19 PM
Has anyone managed to use driftnet on a switched network?? It doesn't work even if I do ARP Poisoning. Ethereal works then, so the ARP Poisoning is working..
Thanks
