Description: This is Part 2 of the Format String Vulnerability Primer video series. Please begin by watching Part 1 if you have not already done so. The prerequisites for this series are Assembly Language and Buffer Overflow basics. If you are not familiar with these topics, please go through the detailed Assembly Language Primer for Hackers and Buffer Overflow Primer for Hackers video series which I have created.

In this video we will try to understand why functions such as printf are susceptible to format string attacks. This video is very hands-on in nature: we will explore the stack of a vulnerable program using GDB and see how the printf function interprets the format string to decide how many arguments it should pick from the stack. Thus, when a programmer or a malicious user supplies a format string that requests more arguments from the stack than were actually passed, printf mistakenly reads extra values from the stack and prints them. This causes information leakage and other problems. We will demonstrate these in detail in this video. Enjoy!
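To make the mechanism concrete, here is an added example (not code from the video) that mimics the decision printf makes: it walks a format string and counts how many arguments the conversions demand, which is exactly the number printf will pull from the stack whether or not the caller supplied them. The helper names `count_format_args` and `echo_safe` are this example's own.

```c
#include <stdio.h>
#include <string.h>

/* Count the arguments a printf-style format string will consume.
 * printf trusts only the format: each conversion takes one argument,
 * a '*' width or precision takes one more, and "%%" takes none.
 * Simplified grammar: %[flags][width][.precision][length]conversion.
 * Returns -1 on a truncated or unknown specifier. */
int count_format_args(const char *fmt)
{
    int n = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')                                  /* literal '%' */
            continue;
        while (*p && strchr("-+ #0", *p)) p++;          /* flags */
        if (*p == '*') { n++; p++; }                    /* width from args */
        else while (*p >= '0' && *p <= '9') p++;
        if (*p == '.') {                                /* precision */
            p++;
            if (*p == '*') { n++; p++; }
            else while (*p >= '0' && *p <= '9') p++;
        }
        while (*p && strchr("hlLqjzt", *p)) p++;        /* length modifiers */
        if (!*p || !strchr("diouxXeEfFgGaAcspn", *p))
            return -1;                                  /* malformed */
        n++;                          /* every conversion, %n included */
    }
    return n;
}

/* Safe shape: the format is a constant and untrusted data is an argument,
 * so the argument count is fixed by the programmer, not by the input. */
void echo_safe(const char *user)
{
    printf("%s\n", user);
}

int main(void)
{
    /* Constructed sample: the video's format versus an input that,
     * if ever passed as the format itself, would demand four values
     * the caller never pushed. */
    printf("%d\n", count_format_args("print this: %s\n")); /* 1 */
    printf("%d\n", count_format_args("%x %x %x %x"));      /* 4 */
    echo_safe("%x %x %x %x");  /* printed verbatim, nothing read */
    return 0;
}
```

Compiling with `-Wformat -Wformat-security` makes GCC and Clang warn on any call whose format is a non-literal without arguments, which catches the vulnerable shape at build time.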
Tags: programming
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.
Keep going on like this. Great job.
Again, great videos.
I have one question - I have been back over the many other tutorials but am slightly confused about the stack at 5 minutes.
My confusion is why the assembly code around 2:50 uses an ebp address offset to place the strings in such an order, and why they aren't just pushed?
I have traced out the ebp instructions, and can see how, but I'm wondering why the offset is used. Wouldn't it make more sense if "this is a secret 1\n" were at the bottom of the stack, instead of "this is a secret 2\n" being made to be lower thanks to the offset?
So, in summary, please could you clarify why the stack is not more along the lines of:
"print this: %s\n","Hi",String 2, String 1,FP,RET
Hopefully this makes sense.
Again, thank you for all the great videos!
Great tutorials, well done!
Thanks, another great video. A little slow, but I suppose it's better to err on the side of being too thorough.
Really, really clear.
Dude... you have the best tutorials on the net that I have ever seen!
Sir, please help, unable to run PuTTY, please sir help.