Description:
This is Part 3 of the
Format String Vulnerability Primer video series.
Please begin by watching Part 1 if you have not already done so. The prerequisite for this series is Assembly Language and Buffer Overflow basics. If you are not familiar with these topics, please go through the detailed
Assembly Language Primer for Hackers and
Buffer Overflow Primer for Hackers video series which I have created.
In this video we will look at how a Format String Vulnerability can be used to crash a program. This could be used by a remote attacker to launch a Denial of Service attack on a server running a vulnerable daemon. Other uses include crashing a high privilege local process and get a core dump. This core dump can be inspected by the attacker to infer sensitive information about the process. In the next video we will see how an attacker can dump the entire stack using a Format String Vulnerability.
Tags: programming ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.
Comments:
thanks alot!
thank you very much
Thank you for expanding my knowledges on this topic.
Did Vivek mention that it was him, who discovered this exploitation method?