OK here we go, what are the 3 parts of a PWN?
OK this is going to be our new baseline heap exploit.
We're going to go after the one at
nc 126.96.36.199 1344
just NOT using the win function.
OK I'm going to do this from scratch live.
OK this will be cool, here's my starter script:
Now we ALSO need a heap leak before we can write the target.
(free_hook ^ (heap >> 12))
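The mangling behind that expression, as an added example (not the lecture's own script): a C model of glibc's safe-linking, which since glibc 2.32 stores each tcache/fastbin next pointer XORed with the storing address shifted right by 12 and aborts when a decoded pointer is not 16-byte aligned. The addresses are constructed sample values and the function names are this example's own.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample addresses, not taken from any real process. */
#define POS    0x55555555a2a0ULL  /* heap address where the next pointer is stored */
#define TARGET 0x7ffff7fa0e40ULL  /* 16-byte aligned address the link should point to */

/* Mirrors glibc's PROTECT_PTR(pos, ptr): key is the storing address >> 12. */
static uint64_t protect_ptr(uint64_t pos, uint64_t ptr) {
    return (pos >> 12) ^ ptr;
}

/* Mirrors REVEAL_PTR: the same XOR undoes the mangling. */
static uint64_t reveal_ptr(uint64_t pos, uint64_t stored) {
    return (pos >> 12) ^ stored;
}

/* Models the allocator's integrity check: the decoded pointer must be
   16-byte aligned, otherwise malloc aborts ("unaligned tcache chunk"). */
static int allocator_accepts(uint64_t pos, uint64_t stored) {
    return (reveal_ptr(pos, stored) & 0xf) == 0;
}

int main(void) {
    uint64_t mangled = protect_ptr(POS, TARGET);

    printf("key (pos >> 12)   : 0x%" PRIx64 "\n", POS >> 12);
    printf("stored (mangled)  : 0x%" PRIx64 "\n", mangled);
    printf("decoded           : 0x%" PRIx64 "\n", reveal_ptr(POS, mangled));

    /* A correctly mangled link decodes to the aligned target. */
    printf("mangled accepted  : %d\n", allocator_accepts(POS, mangled));

    /* A raw pointer written without the heap-derived key decodes to
       TARGET ^ (POS >> 12), which is misaligned here and is rejected. */
    printf("raw decodes to    : 0x%" PRIx64 "\n", reveal_ptr(POS, TARGET));
    printf("raw accepted      : %d\n", allocator_accepts(POS, TARGET));
    return 0;
}
```

The key depends only on bits 12 and up of the heap address, which is why the heap's location has to be known before a valid link can be formed.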
OK suppose you can't control the size of your mallocs
Say they are all small...
Then we want to fake a larger chunk where our chunks are
What if we're on glibc 2.34+? Then there is no free_hook:
We have to learn something very fancy: FSOP (not quick to learn)
OR we could maybe target the stack and a return address...