#format_string
In this writeup I will share how I exploited my first ever pwn challenge on a CTF, which was a very small part of why we managed to qualify for the VolgaCTF finals in Samara, Russia! The exploit uses a format string vulnerability to leak the libc and the canary, and then we will use a stack buffer overflow to ROP and get code execution.
Format string finder uses Binary Ninja's intermediate languages (ILs) to find format string vulnerabilities in binaries and printf-like functions without access to source code. It was featured in Paged Out!'s issue #1, winning Best Security/RE article, which led to it being presented in São Paulo, Brasil at Hackers to Hackers Conference 2019.
In this article I describe a plugin I developed to find format string vulnerabilities using Binary Ninja. It was published in Paged Out!'s issue #1, winning Best Security/RE article, and presented in São Paulo, Brasil at Hackers to Hackers Conference 2019.