Linux

Exploit Exercises - …

Next up is the last challenge in the Format String series, Format 4.

It starts out with the following code:

#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>

int target;

void hello()
{
    printf("code execution redirected! you win\n"); …

Exploit Exercises - …

Continuing in the String Format section, the next challenge we run across is Format 3.

We’re first given the following code:

#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>

int target;

void printbuffer(char *string)
{
    printf(string);
} …

Exploit Exercises - …

Continuing from where we left off, we arrive at Format 2. It presents us with the following code:

#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>

int target;

void vuln()
{
    char buffer[512];

    fgets(buffer, sizeof(buffer), stdin); …

Exploit Exercises - …

Following the Format 0 challenge, I’ve had to do a bunch of reading on how format string exploits work on a very low level.

Some resources that I’ve found greatly useful:

Exploit Exercises - …

I’ll be honest, I’m new to format string exploits. I’ve been more experienced with stack overflows, and a little with heap overflows. So hopefully this information is correct, as it’s from my current understanding.

Protostar Format 0 starts us off with the following …

Exploit Exercises - …

I for some reason decided to look at the set of “final” challenges, and found the first one to be not too difficult.

We start with the following code being given to us:

#include "../common/common.c"

#define NAME "final0"
#define UID 0
#define GID 0
#define PORT 2995

/* …