Printf Meeting

Author: Joseph Ravichandran



Learn the basics of exploiting format string attacks

Topics Covered:

  • %x: print hex
  • %d: print decimal
  • %s: print string given pointer to string on stack
  • %n: store number of characters printed thus far into a pointer on the stack
  • reversing
  • pwn

How to Run this meeting:

  • This concept is best explained with first explaining a little, and then introducing a challenge
  • First talk about how printf works, then give a simple challenge, then introduce more advanced concepts, etc.
  • The challenges should begin with simply using %s to print a string, then using %x a few times to see the stack, then $n%x to print a specific offset, and finally using %n to overwrite information.


This week’s meeting will be covering format string vulnerabilities in the C printf function. If a program allows you to specify a format string argument to a printf call, you can do all sorts of stuff, from redirecting program flow to overwritting arbitrary memory locations!