w3th4nds

About

Username
w3th4nds
Joined
Visits
437
Last Active
Roles
Member

Activity

  • rwu

    Hi. I was hoping you could help me with What does the f say.

    I can exploit the format string vulnerability to leak the necessary addresses so that I could, in theory, redirect execution to a one-gadget in libc. However, with only 28 bytes of format string space, I cannot make such a big change to the return address. As such, I am confined within the surrounding space of the binary code section.

    I've been trying to look in the gadgets from the binary to see if there's anything that will let me work around this, but nothing so far.

    Can you at least tell me if I'm on the right track?

    Thanks.

    September 6