OK so I want to begin the end and go for a full green exploit on the latest glibc.
Here we go:
This is "Level 4" (PCP 30), running on nc 126.96.36.199 1773, with source in http://sec.prof.ninja/ctf/cuttingedge.zip
This one is a double-free-only version of our code (just like Level 3), but without a free_hook available.
Here is our exploit in pseudo-code:
We're going to learn from a write-up and we'll want some extra tools.
Some useful stuff:
There is a set of functions, stored by reference, that glibc runs at the end of the process (the exit_funcs list). We're going to overwrite one of those entries so that system("/bin/sh") is called from exit_funcs when the process exits.