Exploiting Format Strings With Python

10 Pages Posted: 28 Aug 2019

Date Written: August 24, 2011


In this article we look at format strings in the C and C++ programming languages and, in particular, at how they may be abused. The article progresses to crafting attacks using Python through DPA (Direct Parameter Access) so that you can enact a 4-byte overwrite in the DTORS and GOT (Global Offset Table), and it prepares the reader for a follow-up article on exploiting the GOT and injecting shellcode. We demonstrate how these simple but still often overlooked, and even taught, vulnerabilities can be used to read arbitrary locations from memory, write to memory, execute commands and finally gain a shell.

Keywords: exploits, format strings

Suggested Citation

Wright, Craig S, Exploiting Format Strings With Python (August 24, 2011). Available at SSRN: https://ssrn.com/abstract=3442177 or http://dx.doi.org/10.2139/ssrn.3442177

Craig S Wright (Contact Author)

nChain

United Kingdom
