Don't like this style? Click here to change it! blue.css

Welcome .... Click here to logout

Daily Reminder: Mom's Spaghetti

Our compass through all of this is the desire for the following comfort food:

Today we're going to ADAPT from 2.31 to 2.32. The big difference is that the linked lists are now ENCRYPTED.

LAB DAY: Leak a glibc, compute FREE_HOOK and system, tcache-poisoning for WWW


OK what's the samba?

This was last weeks samba:

We now need to add two (three) things:

Practical Stages:

Stage 1: Binary runs with pwntools AND pwndbg

First run tmux then run ipython3 -i where is the following script. Confirm you have a two screen setup to interact AND debug

Stage 2: Make sure you are linked to glibc 2.32

Either use that old pwndocker image ( last three lines) OR

Use patchelf: patchelf --set-interpreter ./ --set-rpath . encrypted confirm the linking worked with ldd ./encrypted

Stage 3: Generate and process a LARGEBINS leak

Stage 4: Generate and process a HEAP leak

Stage 5: Finish the Samba get your flag

Helpful Scripts

Heap Reference Guides: