The objective of this task is to get the server to print out some data from its memory $($we will continue to

use $10\mathrm{.}9\mathrm{.}0\mathrm{.}5).$ The data will be printed out on the server side, so the attacker cannot see it$.$ Therefore,

this is not a meaningful attack, but the technique used in this task will be essential for the subsequent tasks.

$$ Task $2.$A: Stack Data. The goal is to print out the data on the stack. How many $\%$x format specifiers

do you need so you can get the server program to print out the first four bytes of your input? You

can put some unique numbers $(4$ bytes$)$ there, so when they are printed out, you can immediately tell.

This number will be essential for most of the subsequent tasks, so make sure you get it right.

$$ Task $2.$B: Heap Data There is a secret message $($a string$)$ stored in the heap area, and you can find the

address of this string from the server printout. Your job is to print out this secret message. To achieve

this goal, you need to place the address $($in the binary form$)$ of the secret message in the format string.

Most computers are small$-$endian machines, so to store an address $0$xAABBCCDD $($four bytes on a

$32-$bit machine$)$ in memory, the least significant byte $0$xDD is stored in the lower address, while the

most significant byte $0$xAA is stored in the higher address. Therefore, when we store the address in a

buffer, we need to save it using this order: $0$xDD$,0$xCC$,0$xBB$,$ and then $0$xAA. In Python, you can

do the following:

SEED Labs $$ Format String Attack Lab $6$

number $=0$xAABBCCDD

content$[0$:$4]=($number$).$to$\_$bytes$(4,$byteorder$=$little$)$