Tags: printf pwn exploitation 

Rating: 5.0

Exploit in a nutshell:

1) Do buffer overflow to
2) Create a fake printf_arginfo_size_function structure that contains the address of a call _fortify_fail
3) Overwrite _libc_argv so that _fortify_fail prints the flag instead of the "real" _libc_argv arguments
4) Overwrite printf_function_table so that it is not NULL
5) Overwrite printf_arginfo_table so that it points to the fake structure
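
Steps 4 and 5 matter because glibc's printf only calls through the arginfo table when the function table is non-NULL. The following added example (not from the original writeup) shows that dispatch using glibc's documented register_printf_specifier API, which fills both tables legitimately; run_demo, demo_arginfo and demo_handler are names chosen here, and the code assumes Linux with glibc.

```c
#include <printf.h>
#include <stdio.h>
#include <string.h>

static int arginfo_calls;  /* times printf called through the arginfo table */
static int handler_calls;  /* times printf called through the function table */

/* printf_arginfo_size_function signature: tells printf what the spec consumes. */
static int demo_arginfo(const struct printf_info *info, size_t n,
                        int *argtypes, int *size)
{
    (void)info; (void)size;
    arginfo_calls++;
    if (n > 0)
        argtypes[0] = PA_INT;
    return 1;                      /* this spec consumes one int */
}

/* printf_function signature: renders the argument. */
static int demo_handler(FILE *stream, const struct printf_info *info,
                        const void *const *args)
{
    (void)info;
    handler_calls++;
    return fprintf(stream, "<%d>", *(const int *)args[0]);
}

/* Returns the number of arginfo calls seen, or -1 on an unexpected result. */
int run_demo(int spec, char *out, size_t outlen)
{
    /* Format built at run time so the compiler does not flag the custom spec. */
    char fmt[] = { 'v', '=', '%', (char)spec, '\0' };

    arginfo_calls = handler_calls = 0;
    snprintf(out, outlen, "%d", 7);        /* nothing registered for 'd' */
    if (arginfo_calls != 0 || strcmp(out, "7") != 0)
        return -1;                         /* built-in path must not call us */

    /* Registration makes both tables non-NULL and fills the slot for spec. */
    if (register_printf_specifier(spec, demo_handler, demo_arginfo) != 0)
        return -1;

    snprintf(out, outlen, fmt, 7);         /* printf now dispatches via tables */
    return arginfo_calls;
}
```

Both tables are ordinary writable pointers in libc's data, so any write primitive that reaches them redirects the next format-string parse; that is the reason to treat them as sensitive function-pointer state when assessing an overflow's impact.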

Original writeup (https://github.com/r00ta/myWriteUps/tree/master/34C32017/pwn_readme_revenge).