Here at Redspin, we don’t often get a chance to fool around with binaries. Nevertheless, during an audit we encountered a program with a simple format string attack. Not content with the manual format string exploitation process, we decided to write our own tool to automate it. After much coding, we saw that it was good, and decided to share: root@bt:~# wget http://www.redspin.com/blog/wp-files/Format%20String%20Auto%20Exploitation.tar.bz2 root@bt:~# tar jxvf Format\ String\ Auto\ Exploitation.tar.bz2 root@bt:~# cd Format\ String\ Auto\ Exploitation root@bt:~/Format String Auto Exploitation# … →