When I run the test sample you give, I can't find a solution using various entry points. Take "sudo" as an example. According to your article, the entry point is the instruction address that can be reached after triggering AWP. I set it as the address of the next "free" instruction of "vsprintf" corresponding to the format string vulnerability, but I can't find a solution. Can you give more entry points used for testing in your article, such as "proftpd" entry point, "sudo" entry point, "nginx" entry point, or elaborate on the discovery rules of entry points, or explain how you determine these entry points?