VirSecCon CTF

Mohamed Ayad
Apr 4, 2020

(Binary exploitation) TackStack

We don't get much from the description, so let's connect and see what's behind the scenes:

As we can see, it just takes our input and appends it to something like a stack.

But here I tried using much bigger junk, but no segfault appeared, so I think it may be a format string vulnerability.

“The Format String exploit occurs when the submitted data of an input string is evaluated as a command by the application. … However, the Format Function is expecting more arguments as input, and if these arguments are not supplied, the function could read or write the stack.”

This happens when a programmer calls a function like printf with user input as the format string and no placeholder, like

printf(variable)

This code is vulnerable to a data leak, so we can read as much as we need from the stack.
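The pattern above next to its fix, as an added example (not the challenge's source, which the write-up does not show). The function names and the sample inputs are constructed for illustration, and the vulnerable function is only ever called with benign text.

```c
#include <stdio.h>
#include <string.h>

/* Compilers flag the vulnerable call below with -Wformat-security;
 * the warning is silenced here only so that the demo builds. */
#pragma GCC diagnostic ignored "-Wformat-security"

/* Vulnerable pattern from the write-up: untrusted text is used AS the
 * format string, so a conversion such as %x or %57$s inside it makes
 * the printf family read stack slots that were never passed in. */
int echo_vulnerable(char *out, size_t n, const char *user)
{
    return snprintf(out, n, user);        /* BUG: user controls the format */
}

/* Fixed form: the format is a constant, and the untrusted text is only
 * ever the data consumed by the single %s conversion. */
int echo_fixed(char *out, size_t n, const char *user)
{
    return snprintf(out, n, "%s", user);
}

/* Count conversion specifications in a string ("%%" is a literal percent
 * sign). Handy as a test oracle or for log triage; it is not the fix. */
int count_directives(const char *s)
{
    int hits = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }   /* escaped percent sign */
        if (s[1] != '\0') hits++;
    }
    return hits;
}

int main(void)
{
    char buf[64];
    const char *probe = "%57$s";          /* constructed sample input */

    echo_fixed(buf, sizeof buf, probe);   /* comes back as plain text */
    printf("fixed: %s (directives in input: %d)\n", buf, count_directives(probe));

    echo_vulnerable(buf, sizeof buf, "hello");   /* benign input only */
    printf("vulnerable, benign input: %s\n", buf);
    return 0;
}
```

Building with -Wformat -Wformat-security (without the pragma) makes the compiler point at the vulnerable call directly.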

Here is the first try to check the ELF:

As we can see here, some addresses leaked out of the stack.

Let's try printing them out as strings:

Here we could conclude that the first value is null, but unfortunately we can't keep going this way, as the program exits when we increase our %s to certain values, so let's code it.

OUR CODE

Here we see the flag was in position 57: %57$s

FLAG=LLS{tack_stack?_more_like_stack_attack}c

thanks for reading :)

feedback appreciated
