A hands-on demonstration of format string vulnerabilities in C — showing how improper use of printf and related functions can expose a program's memory and be leveraged for exploitation.
A format string vulnerability occurs when user-controlled input is passed directly as the format argument to functions like printf, fprintf, or sprintf — without a proper format specifier.
```c
// Vulnerable
printf(user_input);
// Safe
printf("%s", user_input);
```

An attacker can supply format specifiers (e.g. `%x`, `%s`, `%n`) to read from or write to arbitrary memory locations on the stack.
| Folder | Description |
|---|---|
| ReadFormatVuln/ | C source and shell scripts demonstrating how to read memory via format string attacks |
- Stack memory leaking — using `%lx` to dump stack values
- Arbitrary memory reads — using `%s` to read from a target address
- Direct parameter access — using `%N$x` to access specific stack positions
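To make the vulnerable/safe contrast above concrete from the defender's side, here is an added example (not code from this repository) that screens untrusted text for the conversion specifiers listed above before it reaches a logging call, and prints it the safe way. The helper names (`count_format_specifiers`, `has_write_specifier`, `print_untrusted`) and the sample inputs are constructed for illustration; the functions return counts and flags so they can be checked directly.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not the repository's own code. Helpers that a program could
 * use to flag user-controlled text containing printf conversion specifiers,
 * alongside the hardened printf call from the README. */

/* Returns the number of conversion specifiers in `s`. A literal "%%" is a
 * percent sign, not a specifier, and is skipped. Positional forms such as
 * "%7$lx" and the write specifier "%n" are counted like any other. */
int count_format_specifiers(const char *s)
{
    int count = 0;
    for (const char *p = s; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {   /* escaped percent: a literal '%' */
            p++;
            continue;
        }
        count++;             /* '%' followed by anything else starts a spec */
    }
    return count;
}

/* Returns 1 if `s` contains a "%n" write specifier, possibly preceded by
 * flags, width, precision, a positional "N$" marker or a length modifier.
 * "%n" is what turns a read-only stack leak into a memory write. */
int has_write_specifier(const char *s)
{
    for (const char *p = s; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {   /* escaped percent, skip both characters */
            p++;
            continue;
        }
        /* skip flag, width, precision, '$' and length-modifier characters */
        const char *q = p + 1;
        while (*q && strchr("-+ #0123456789.$hlLqjzt", *q))
            q++;
        if (*q == 'n')
            return 1;
    }
    return 0;
}

/* The hardened form from the README: the format string is a constant and
 * the untrusted text is passed as a %s argument, so its content is never
 * interpreted. Returns the number of characters written, as printf does. */
int print_untrusted(const char *user_input)
{
    return printf("%s\n", user_input);
}

/* Constructed sample inputs: benign text, an escaped percent, and the kinds
 * of payloads the README's techniques list describes. */
static const char *samples[] = {
    "hello world",
    "100%% complete",
    "AAAA %lx %lx %lx %lx",
    "%7$s",
    "%08x%n",
};

int main(void)
{
    size_t n = sizeof(samples) / sizeof(samples[0]);
    for (size_t i = 0; i < n; i++) {
        int specs = count_format_specifiers(samples[i]);
        int write = has_write_specifier(samples[i]);
        printf("%-24s specifiers=%d write=%d -> ", samples[i], specs, write);
        /* Printing through a constant format is safe regardless of content. */
        print_untrusted(samples[i]);
    }
    return 0;
}
```

The screening helpers are a detection aid for logs and input handling, not a substitute for the fix: the real mitigation is the constant format string in `print_untrusted`. Compiling with `gcc -Wall -Wformat -Wformat-security` (or `-Werror=format-security`) makes the compiler report the `printf(user_input)` pattern itself.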
- Linux (x86 or x86-64)
- GCC
- Basic familiarity with C and the stack
```bash
# Compile the vulnerable program
gcc -o main main.c
# Run the exploit script
bash exploit.sh
```
⚠️ Disclaimer: This repository is for educational purposes only. Do not use these techniques against systems you do not own or have explicit permission to test.