Hosting my writeups.
*NOTE: This article was once part of the writeup of a CTF event. I found the challenge problem is not as simple as it looks, so I did much more detailed work and wrote a lot more. And since that part was getting too long, I separated it into this new post for friendlier reading.*
Story from a simple format string vulnerability
I recently worked on a CTF problem that requires taking a left-over rbp in the stack frame as the %n pointer to hijack the return address.
You can read the original writeup for more details of this program.
The Amazing, The Weird
But not everyone is lucky enough to see the left-over value, and some end up suffering this: