
Home-made house of force

Will it work?

For gdb, when the binary forks through system, use the following setting so gdb stays with the parent process: set follow-fork-mode parent

Remote service: nc 165.22.46.243 8969

Files: the binary a.out, the glibc (2.27) libc.s0.6 and the linker ld.so.2

House of Force Thoughts

House of Force gives you an arbitrary write-what-where. A fine primitive. But you'll need a target, some prerequisites and a method of defeating randomization.

Look for:

  1. The ability to make an overflow of the top_chunk size field
  2. The ability to ask for an arbitrarily sized malloc
  3. The ability to write into a malloc'ed address
  4. glibc < 2.29
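
Why item 4 is on the list, as an added example (not code from this page or from glibc): a simplified model of serving a request from the top chunk, with and without the check glibc 2.29 added, which aborts with "malloc(): corrupted top size" when the top size exceeds the arena's system_mem. HEAP_BASE, the sizes and the helper try_request are constructed for illustration, and only numbers are tracked, so no real heap is touched.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy model of a glibc arena (x86-64). Only numbers are tracked; no real heap is touched. */
struct arena {
    uint64_t top;        /* address of the top chunk */
    uint64_t top_size;   /* value stored in the top chunk's size field */
    uint64_t system_mem; /* bytes the arena really obtained from the OS */
};

enum outcome { SERVED_IN_HEAP, SERVED_TOP_ESCAPED, REFUSED, ABORTED };

#define MINSIZE 0x20u
#define HEAP_BASE 0x555555559000ULL /* constructed address, an assumption */

/* Pad a request to a chunk size: 8-byte size field, 16-byte alignment. */
static uint64_t request2size(uint64_t req) {
    uint64_t nb = (req + 8 + 15) & ~(uint64_t)15;
    return nb < MINSIZE ? MINSIZE : nb;
}

/* Serve a request from the top chunk. check_top = 0 models glibc < 2.29;
   check_top = 1 adds the 2.29 test that aborts on an impossible top size. */
static enum outcome alloc_from_top(struct arena *a, uint64_t req, int check_top) {
    uint64_t nb = request2size(req);
    if (check_top && a->top_size > a->system_mem)
        return ABORTED;              /* "malloc(): corrupted top size" */
    if (a->top_size < nb + MINSIZE)
        return REFUSED;              /* real malloc would try to grow the heap here */
    a->top += nb;                    /* new top = old top + nb, taken on trust */
    a->top_size -= nb;
    return (a->top - HEAP_BASE < a->system_mem) ? SERVED_IN_HEAP : SERVED_TOP_ESCAPED;
}

/* One request against a fresh 0x21000-byte heap whose top size field holds top_size. */
static enum outcome try_request(uint64_t top_size, uint64_t req, int check_top) {
    struct arena a = { HEAP_BASE + 0x290, top_size, 0x21000 };
    return alloc_from_top(&a, req, check_top);
}

int main(void) {
    const uint64_t honest = 0x20d70, corrupt = UINT64_MAX, huge = 0x7fff00000000ULL;
    printf("honest top,  small request, <2.29: %d\n", try_request(honest, 0x100, 0));
    printf("honest top,  huge request,  <2.29: %d\n", try_request(honest, huge, 0));
    printf("corrupt top, huge request,  <2.29: %d\n", try_request(corrupt, huge, 0));
    printf("corrupt top, huge request,  2.29+: %d\n", try_request(corrupt, huge, 1));
    return 0;
}
```

With an honest size field the oversized request is simply refused; only the overwritten size lets the top pointer leave the heap, and the 2.29 comparison against system_mem stops that case before any pointer arithmetic happens.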

Extras you'll need:

  1. Probably a heap leak (although if you have a target in the heap you can be clever and use offsets for hitting your target)
  2. A strategy for winning (this could be: GOT table, .fini_array, malloc_hook or free_hook, even a stack return address)
  3. Knowledge of where your target lives (e.g. you might need two address leaks)