Bug Hunting, Format String Exploitation

Presenter: Scott Hand

Date: 10 Feb 2012

Description: This is part 3 of the bug hunting session. We examined the string format exploit in echoserver. We went over string format exploitation background, as well as ways to utilize string format to solve problems such as limited buffer space, bad shellcode characters, or ASLR protection mechanisms. Creating a metasploit module targeting our vulnerable service (metasploit) was also briefly touched upon.