The goal of this article is to explain in detail how an off-by-one vulnerability on the heap, also known as poison null byte, can be exploited. Although this technique does not work with the latest libc, I think it can be used very well to demonstrate how exploits based on heap-metadata corruption work (also check out shellphish’s how2heap).
In order to do this I created a vulnerable program, which we will use as an example to create such an exploit. If you like, you can start by analyzing and exploiting the program on your own (at least check out Environment):
Though it is not required to exploit the program, the source code might be helpful:
The article is divided into the following sections:
–> Vulnerable Program
–> Heap Basics
–> Control Instruction Pointer
–> One Gadget
–> Final Exploit
Continue reading “Heap Exploitation: Off-By-One / Poison Null Byte”
As every year, hacking-lab.com carried out the annual Hacky Easter event with 27 challenges. I could not spend as much time as I would have liked to on solving the challenges, but after all I managed to collect 25 of the 27 eggs and focused on this writeup.
Continue reading “Hacky Easter 2018 writeup”
The angstromCTF 2018 (ctftime.org) ran from 16/03/2018, 20:00 UTC to 23/03/2018 00:00 UTC.
As the description on ctftime.org states, the CTF is primarily geared towards high school students but with a very wide range of challenge difficulty.
There were a lot of interesting challenges which were fun to do. I decided to make a writeup for the pwn challenge hellcode.
Continue reading “angstromCTF 2018 – writeup hellcode”
In the last lab we focused on Misc and Stack Cookies. In this next-to-last lab, some characteristics of dealing with C++ are introduced.
The lab contains only two levels:
Continue reading “RPISEC/MBE: writeup lab09 (C++)”
While the last lab introduced the subject of Heap Exploitation, this lab focuses on Misc and Stack Cookies.
The lab again contains three levels, ranging from C to A:
Continue reading “RPISEC/MBE: writeup lab08 (Misc and Stack Cookies)”