Format String Vulnerability

Introduction

Some simple tips/pointers on the interesting topic of format string vulnerabilities.

Basics

Most commonly associated with C/C++ and the printf family of functions, where the bug appears when user-controlled input is passed as the format string.

Yes, you can read values off the stack using the %p conversion specifier and write to memory locations using %n.
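The same bug next to its fix, as an added example that is not part of the original post: the function names are made up for illustration, and the helper counts the directives that printf would act on in a piece of input.

```c
#include <stdio.h>
#include <string.h>

/* VULNERABLE: caller-supplied text is used as the format string itself.
 * GCC and Clang report this call with -Wformat-security; the pragma only
 * lets the deliberately vulnerable function build where that is an error. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
int render_unsafe(char *out, size_t n, const char *user) {
    return snprintf(out, n, user);
}
#pragma GCC diagnostic pop

/* FIXED: constant format string, so the input is only ever data. */
int render_safe(char *out, size_t n, const char *user) {
    return snprintf(out, n, "%s", user);
}

/* Audit helper: count conversion specifications in s ("%%" is a literal
 * percent and is not counted); *has_n is set when one of them is %n. */
int count_directives(const char *s, int *has_n) {
    int count = 0;
    *has_n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        s++;
        if (*s == '%') continue;
        /* skip flags, width, precision, positional "$" and length modifiers */
        s += strspn(s, "-+ #0123456789.*$hlqjzLt");
        if (*s == '\0') break;          /* dangling '%' at end of input */
        if (*s == 'n') *has_n = 1;
        count++;
    }
    return count;
}

int main(void) {
    const char *hostile = "%p %p %n";   /* constructed sample input */
    char buf[64];
    int has_n, k = count_directives(hostile, &has_n);

    render_safe(buf, sizeof buf, hostile);
    printf("directives=%d has_n=%d safe=\"%s\"\n", k, has_n, buf);
    render_unsafe(buf, sizeof buf, "100%% done");  /* "%%" is interpreted */
    printf("unsafe=\"%s\"\n", buf);
    return 0;
}
```

The unsafe call is only ever given "100%% done", which needs no arguments and so stays well defined while still showing that the input is being interpreted rather than copied.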

Challenges

Get some practice exploiting format string vulnerabilities over at https://exploit-exercises.com/protostar/format0/

Tutorials

Very straightforward examples – http://codearcana.com/posts/2013/05/02/introduction-to-format-string-exploits.html

Thank you