Helper script for working with formatstring bugs.

Introduction to formatStringExploiter:
formatStringExploiter is a library written in Python that simplifies the exploitation of format string vulnerabilities. It does this by abstracting the mechanics of exploiting these vulnerabilities for reading and writing into simple class properties.
As a user of formatStringExploiter, your job is simply to write a Python function that interacts with the program and returns the result of any string given to it. You do not have to understand which offsets or padding are required; you can use it as if it were a primitive operation.

formatstringexploiter

Concept:
The concept behind formatStringExploiter is to give you a class object that abstracts a format string exploit. In general, all you need to do as a user is pass the FormatString base class a function that takes a single string argument and returns the result of the format string on that string. You don't have to worry about the details of how the format string vulnerability works; you only provide a function that lets the FormatString class interact with it. Once the FormatString class is instantiated, it attempts to automatically discover the offset and padding required for this particular vulnerability. When that is done, it returns a class object that you can use to interact with the vulnerability. Note that, for now, these calls are immediate: once you make the call, that information is sent to the vulnerable application right away.
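The callback contract and the offset/padding discovery described above, modelled on a simulated stack; this is an added example, not formatStringExploiter's own code. `make_target`, `exec_fmt`, `discover` and the 8-byte word layout are hypothetical names and assumptions of this model, and only the positional `%N$p` directive is emulated.

```python
import re
import struct

WORD = 8              # simulated 64-bit words (assumption of this model)
MARKER = b"ABCDEFGH"  # constructed probe value, exactly one word long


def make_target(prefix_words, misalign):
    """Build a hypothetical callback with the contract described above:
    take one string, return what the (simulated) program prints for it."""
    def exec_fmt(s):
        # Simulated argument area: unrelated words, then the input buffer,
        # which starts `misalign` bytes past a word boundary.
        raw = (b"\x11" * (prefix_words * WORD + misalign)
               + s.encode() + b"\x00" * WORD)

        def read_arg(match):
            start = (int(match.group(1)) - 1) * WORD
            chunk = raw[start:start + WORD]
            if len(chunk) < WORD:
                return "(nil)"  # read past the modelled area
            return hex(struct.unpack("<Q", chunk)[0])

        # Only the positional %N$p directive is modelled.
        return re.sub(r"%(\d+)\$p", read_arg, s)
    return exec_fmt


def discover(exec_fmt, max_index=64):
    """Return (index, padding) at which the first word of the input is read
    back as a positional argument, or None if it is never echoed."""
    want = hex(struct.unpack("<Q", MARKER)[0])
    for padding in range(WORD):
        for index in range(1, max_index + 1):
            probe = "x" * padding + MARKER.decode() + f"|%{index}$p|"
            if f"|{want}|" in exec_fmt(probe):
                return index, padding
    return None


if __name__ == "__main__":
    # Constructed layout: 5 unrelated words, buffer 3 bytes off alignment.
    target = make_target(prefix_words=5, misalign=3)
    print(discover(target))
```

The padding is the number of filler bytes needed to bring the input onto a word boundary, and the index is the positional argument that then reads it back.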

Installing and activating Virtualenv:

Source: https://github.com/Owlz