kiddie
.:: @OREL ::.

Phoenix - Heap overflow - Heap 3
Original copy: [https]://exploit.education/phoenix/heap-three/
---
[0 - Statement
[1 - Program description
[1.1 - Source code
[1.2 - Identifying the vulnerability
[2 - Exploitation methodology
[3 - Exploiting the vulnerability
[4 - Conclusion
---
[0 - Statement
This level explores why you should always explicitly initialize your allocated memory, and what can occur when pointer values go stale.
[1 - Program description
[1.1 - Source code
/*
 * phoenix/heap-three, by https://exploit.education
 *
 * This level is linked against ftp://gee.cs.oswego.edu/pub/misc/malloc-2.7.2.c
 * version 2.7.2, with a SHA1 sum of 407329d164e4989b59b9a828760acb720dc5c7db
 * more commonly known as "dlmalloc", Doug Lea Malloc
 *
 * Can you hijack flow control, and execute winner()? Afterwards, how
 * about your own code? This level is solvable on Linux i386 easily enough,
 * as for other architectures, it may not be possible, or may require some
 * creativity - let me know what you come up with :)
 *
 * My friend told me that nothing rhymes with orange.
 * I told them, "No, it doesn't".
 *
 * Or, more seriously, https://www.youtube.com/watch?v=lPcR5RVXHMg
 *
 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <time.h>
#include <unistd.h>

void winner() {
  printf("Level was successfully completed at @ %ld seconds past the Epoch\n",
      time(NULL));
}

int main(int argc, char **argv) {
  char *a, *b, *c;

  a = malloc(32);
  b = malloc(32);
  c = malloc(32);

  strcpy(a, argv[1]);
  strcpy(b, argv[2]);
  strcpy(c, argv[3]);

  free(c);
  free(b);
  free(a);

  printf("dynamite failed?\n");
}
[1.2 - Identifying the vulnerability
[2 - Exploitation methodology
[3 - Exploiting the vulnerability
[4 - Conclusion

Everything is false, everything is compliant.