scanf Bypasses

Sometimes you want scanf to not read anything, but continue standard execution. By this I mean that it takes your input, but it doesn't store it in memory, leaving the stack or heap untouched.

This might be because you have a sequential or iterative OOB write, but there is a canary in the way. Alternatively, the location you are writing to is uninitialized but the data gets printed back and you want to leak pointers this way (e.g. on Hack The Box).

So, here are a few inputs for different specifiers that help bypass this! Please do let me know of any more.

Scanf Specifier

Bypass

%d, %ld

negative sign -

%f, %lf

decimal point/full stop .

Last updated 1 year ago

Was this helpful?