Skip to content

sonysame/pwnable.tw_HeapParadise

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
README.md
README.md
 
 
libc
libc
 
 
libc_64.so.6
libc_64.so.6
 
 
sol.py
sol.py
 
 
sol2.py
sol2.py
 
 
sol3.py
sol3.py
 
 

Repository files navigation

pwnable.tw_HeapParadise

double free bug->fastbin_dup으로 원하는 주소(1byte overflow)덮는다.
size를 0x91로 설정하여 unsorted bin attack: libc주소도 들어가므로 이를 이용
libc주소 partial overwrite해서 다시 한번 fastbin_dup일어날 때, stdout flag를 조작 -> leak libc
다시 한번 fastbin_dup일으켜서, malloc_hook을 one_gadget으로 덮기!
double free error로 malloc_printerr 불러서 get shell!

About

No description or website provided.

Topics

fastbin-dup fsop unsorted-bin-attack double-free-bug

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages