[framework] Advanced Format String Attacks

Paul Haas phaas at redspin.com
Mon Sep 27 12:35:12 PDT 2010


Developers,

This Defcon, I presented some techniques for automatically exploiting format
string injection attacks, and ported the technique to Metasploit. My tool
locates its own shellcode on the stack, and bruteforces the overwrite of
sequential stack addresses in an attempt to overwrite a return address. I
wanted to contribute the code to the main svn trunk so others could benefit
and it would be easier to manage.

Here are the details of the presentation:
http://www.defcon.org/html/defcon-18/dc-18-speakers.html#Haas
Demonstrations and downloads:
http://www.redspin.com/blog/2010/08/09/defcon-advanced-format-string-attacks/
svn diff: http://www.redspin.com/blog/wp-files/PaulHaas_Metasploit.diff

Thanks for creating a great tool and community mentality, and let me know if
there are any questions or suggestions on the above.

Cheers,
Paul