heap - Tag - cdpointpoint Hugo Site

Phoenix exploit education heap-three

cdpointpoint — Sat, 10 Oct 2020 10:11:00 +0000

Heap three Quatrième exercice heap de la suite Phoenix exploit education. Source /* * phoenix/heap-three, by https://exploit.education * * This level is linked against ftp://gee.cs.oswego.edu/pub/misc/malloc-2.7.2.c * version 2.7.2, with a SHA1 sum of 407329d164e4989b59b9a828760acb720dc5c7db * more commonly known as "dlmalloc", Doug Lea Malloc * * Can you hijack flow control, and execute winner()? Afterwards, how * about your own code? This level is solvable on Linux i386 easily enough, * as for other architectures, it may not be possible, or may require some * creativity - let me know what you come up with :) * * My friend told me that nothing rhymes with orange.

Phoenix exploit education heap-one

cdpointpoint — Tue, 19 May 2020 00:00:00 +0000

Second exercice heap de la suite Phoenix exploit education. Débordement de mémoire et falsification d’adresse. Le source /* * phoenix/heap-zero, by https://exploit.education * * Can you hijack flow control? * * Which vegetable did Noah leave off the Ark? * Leeks */ #include #include #include #include #include #define BANNER \ "Welcome to " LEVELNAME ", brought to you by https://exploit.education" struct heapStructure { int priority; char *name; }; int main(int argc, char **argv) { struct heapStructure *i1, *i2; i1 = malloc(sizeof(struct heapStructure)); i1->priority = 1; i1->name = malloc(8); i2 = malloc(sizeof(struct heapStructure)); i2->priority = 2; i2->name = malloc(8); strcpy(i1->name, argv[1]); strcpy(i2->name, argv[2]); printf("and that's a wrap folks!

Phoenix exploit education heap-two

cdpointpoint — Sun, 10 May 2020 10:00:00 +0000

Heap two “Use after free” Le source /* * phoenix/heap-two, by https://exploit.education * * This level examines what can happen when heap pointers are stale. This level * is completed when you see the "you have logged in already!" message. * * My dog would, without fail, always chase people on a bike. As soon as he saw * someone, he would immediately take off. I spoke to the vet to see if they * could be of any help, but they weren't.

Phoenix exploit education heap-zero

cdpointpoint — Sun, 10 May 2020 10:00:00 +0000

Phoenix heap zero Premier exercice heap de la suite Phoenix exploit education. Débordement de mémoire dans le tas. Le source struct data { char name[64]; }; struct fp { void (*fp)(); char __pad[64 - sizeof(unsigned long)]; }; void winner() { printf("Congratulations, you have passed this level\n"); } void nowinner() { printf( "level has not been passed - function pointer has not been " "overwritten\n"); } int main(int argc, char **argv) { struct data *d; struct fp *f; printf("%s\n", BANNER); if (argc < 2) { printf("Please specify an argument to copy :-)\n"); exit(1); } d = malloc(sizeof(struct data)); f = malloc(sizeof(struct fp)); f->fp = nowinner; strcpy(d->name, argv[1]); printf("data is at %p, fp is at %p, will be calling %p\n", d, f, f->fp); fflush(stdout); f->fp(); return 0; } Solution L’allocation de la structure data ayant eu lieu juste avant la structure fp les deux blocs mémoire doivent se suivre.

Phoenix exloit education Net-serie

cdpointpoint — Sun, 10 May 2020 00:00:00 +0000

Phoenix 4 - Net série Net - zero Can you convert string provided to the native endian of the architecture the binary is running on? For AMD64, it listens on port 64000 For i486, it listens on port 64001 Source /* * phoenix/net-zero, by https://exploit.education * * What did the fish say when he swam head first into a wall? * Dam! */ #include #include #include #include