Python Penetration Testing Cookbook by Rejah Rehim

How to do it...

Here are the steps to create an exploit script for a format string vulnerability in a Linux environment:

  1. To start, we need a vulnerable application, so we write a C program with a format string vulnerability. Create a file named fmt.c and open it in your editor.
  2. Add the following code to it and save:

     #include <stdio.h>
     #include <string.h>   /* strcpy */

     int main(int argc, char **argv){
             char buf[1024];
             strcpy(buf, argv[1]);   /* copy the first argument unchanged */
             printf(buf);            /* vulnerable: user input is used as the format string */
             printf("\n");
             return 0;
     }

  3. We need to compile this code with the format security checks disabled. To do that, run the following command:

     gcc fmt.c -w -g -Wno-format -Wno-format-security -fno-stack-protector -z norelro -z execstack -o fmt

This will create an executable named fmt. We can use this as our sample application.

  4. Make sure to disable ...
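The defect in fmt.c, shown beside a corrected form, as an added example that is not code from the book. The function names render_unsafe and render_safe and the sample strings are assumptions made for illustration; the sample input contains only "%%", which is well defined in both forms.

```c
#include <stdio.h>
#include <string.h>

/* Same bug class as fmt.c: the caller-supplied string is used as the
 * format, so any '%' directive in it is interpreted by printf-family code.
 * The pragmas mirror the -Wno-format-security flag used in the compile step,
 * so this still builds where that warning is promoted to an error. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
int render_unsafe(char *out, size_t n, const char *input)
{
    return snprintf(out, n, input);         /* input controls the format */
}
#pragma GCC diagnostic pop

/* Hardened form: constant format string, input is only ever data.
 * snprintf also bounds the write, unlike the strcpy in fmt.c. */
int render_safe(char *out, size_t n, const char *input)
{
    if (input == NULL)                      /* fmt.c uses argv[1] unchecked */
        return -1;
    return snprintf(out, n, "%s", input);
}

int main(int argc, char **argv)
{
    char buf[1024];
    /* Constructed sample input, used when no argument is given. */
    const char *arg = (argc > 1) ? argv[1] : "100%% done";

    /* Only a fixed string is passed to the unsafe form here. */
    render_unsafe(buf, sizeof buf, "100%% done");
    printf("unsafe: [%s]\n", buf);          /* "%%" was consumed as a directive */

    if (render_safe(buf, sizeof buf, arg) < 0)
        return 1;
    printf("safe:   [%s]\n", buf);          /* argument printed byte for byte */
    return 0;
}
```

Building without the `-Wno-format` and `-Wno-format-security` flags from the compile step, and adding `-Werror=format-security`, makes GCC reject the `printf(buf)` pattern at compile time.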
