C functions that print according to a format string, such as printf(), use format specifiers like %d, %s and %x to tell the function how to interpret and print each of its arguments.
The vulnerability arises when a user-supplied string is passed to printf() as the format string itself, rather than as an argument to a constant format.
- If the given string includes %n, the user can write to memory, because %n stores the number of bytes printed so far into the address printf() takes as the next argument.
- If the given string includes %x, %d, %s, etc., the user can read what is on the stack, because printf() fetches an argument for each specifier even though none were supplied.
Repeated %x Attack
This program is vulnerable to our input and ends up printing values from the stack. Eventually it begins printing the same few bytes over and over again. Converting these from hex to ASCII, we find that they read “%x.%x.%x.%x.%x.%x”. Our own input string has been placed on the stack as well, which is why it is being printed back to us. You can continue going
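The two points above (why a user-controlled format string is dangerous, and why the "%x.%x.%x.%x.%x.%x" input shows up on the stack) come down to one rule: untrusted text must never be the format argument. The following is an added example, not code from the original page; it shows the hardened way to print untrusted input and a small scanner that counts the conversion specifiers an input string contains, so a program can log or reject input such as the repeated-%x string before it reaches any formatting function. The function names count_conversions, untrusted_has_specifiers and print_untrusted, and the sample input, are constructed for this example.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Count printf-style conversion specifiers in an untrusted string.
 * A specifier is '%' followed by optional flags, width, precision and
 * length modifiers, then a conversion character.  "%%" is a literal '%'
 * and does not count.  If writes is non-NULL it receives the number of
 * "%n" specifiers, the only conversion that stores to memory. */
int count_conversions(const char *s, int *writes)
{
    int count = 0, nwrites = 0;
    for (const char *p = s; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')
            continue;                       /* "%%" prints a literal '%' */
        while (*p && strchr("-+ #0", *p))   /* flags */
            p++;
        while (*p && (isdigit((unsigned char)*p) || *p == '*' || *p == '.'))
            p++;                            /* field width and precision */
        while (*p && strchr("hlLqjzt", *p)) /* length modifiers */
            p++;
        if (!*p)
            break;                          /* dangling '%' at end of string */
        if (strchr("diouxXeEfFgGaAcspn", *p)) {
            count++;
            if (*p == 'n')
                nwrites++;
        }
    }
    if (writes)
        *writes = nwrites;
    return count;
}

/* Returns 1 if the string carries at least one conversion specifier. */
int untrusted_has_specifiers(const char *s)
{
    return count_conversions(s, NULL) > 0;
}

/* Hardened output: the untrusted string is passed as an argument to a
 * constant format, so any '%' it contains is printed literally and never
 * interpreted.  The vulnerable form is printf(s); never write that. */
void print_untrusted(const char *s)
{
    printf("%s\n", s);
}

int main(void)
{
    /* Constructed sample input: the string the text saw echoed from the stack. */
    const char *input = "%x.%x.%x.%x.%x.%x";
    int writes = 0;
    int n = count_conversions(input, &writes);
    printf("input contains %d conversion specifier(s), %d of them %%n\n", n, writes);
    print_untrusted(input);   /* prints the specifiers literally */
    return 0;
}
```

Compiling with -Wformat -Wformat-security (GCC and Clang) warns at build time about printf(s) calls whose format is not a literal; the scanner above complements that by catching input at run time, and the writes count lets a log entry distinguish a read-only probe from an attempt to use %n.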