Following the Format 0 challenge, I’ve had to do a bunch of reading on how format string exploits work on a very low level.

Some resources that I’ve found greatly useful:

• Hacking: The Art of Exploitation, 2nd Edition
• Exploiting Format String Vulnerabilities
• SecurityTube.net Format …

I’ll be honest, I’m new to format string exploits. I’ve been more experienced with stack overflows, and a little with heap overflows. So hopefully this information is correct, as it’s from my current understanding.

Protostar Format 0 starts us off with the following …

I for some reason decided to look at the set of “final” challenges, and found the first one to be not too difficult.

We start with the following code being given to us:

#include "../common/common.c"

#define NAME "final0"
#define UID 0
#define GID 0
#define PORT 2995

/* …

This challenge was different for me. The previous heap challenge was easy to pretend it was just a simple stack overflow. This one worked very different, and brought some different challenges with it.

You first start out with the following code:

#include <stdlib.h>
#include <unistd.h> …

Now that I’ve completed all of the Stack section of protostar, I’ve started to move onto Heap. The first of these challenges, is Heap 0.

We are given the following code:

#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <stdio.h>
#include …

Welcome everyone to 2012! I took a bit of a break during these holidays, and am just starting to get back going.

This challenge was very interesting to me. I figured it would build off of the previous one. However, it was its own standalone challenge.

We are given the following code to the stack7 …