shopsasebo.blogg.se

Stack smashing detected raise.c no such file








The sizes of the allocation of this array are: 0x20, 0x40, 0x60, 0x80, 0xd0. And obviously, once it gets to a certain size, it won’t decrease. That doesn’t really matter, because we can exploit this with any size. One of the reasons is that my goal is to create a hole by allocating a string and freeing it, and we can’t allocate a string longer than 0x80.


Warm up exercises: preparing for the Ubuntu 21.10 CTFs

CTFs are awesome. It’s a great place for innovation, creativity, learning, and development. In the past few years, we saw how the environments used to host challenges had been updated. And we need to keep up with these changes and be aware of the differences between the runtimes, mitigations, available features, etc. That’s why I thought it might be nice to take an old CTF challenge and solve it on new versions of Ubuntu, to see what changed and what the environment of the future CTFs might look like.

I looked for a pwn challenge from a CTF in 2020, and tried to run its intended/official solution on Ubuntu 20.04 (which is already used to host CTFs) and Ubuntu 21.10. After a short search, I chose “diylist”, a pwn challenge from zer0pts CTF 2020, that used to run on Ubuntu 18.04. The challenge is quite simple, and based on all the three solutions published in ctftime (and on the official/intended solution published in the CTF’s repo), it relied on an outdated bad behavior of tcache (that is mitigated on Ubuntu 20.04).

So, I built an exploit that works on Ubuntu 20.04 with default configuration. Then, because Ubuntu 21.10 has some changes in the allocator behavior (the encoding hardening on freelist entries, disabling malloc hooks, etc.), I built another exploit for Ubuntu 21.10 with default configuration. And just to make it more interesting, I enabled further mitigations that the original challenge did not.

To be organized, I will describe the challenge, what the published solutions did to solve it (they are very similar), detail exactly what I changed and which mitigations I enabled, and how I solved the challenge on both Ubuntu 20.04 and the latest 21.10, and how. This blogpost doesn’t introduce something new/novel, not even close :) But sometimes it’s nice to present the current state-of-the-art, in a lightweight way.

The challenge implements a list of elements, and offers us the following operations:

void list_edit(List *list, int index, Data data, LIST_TYPE type)

Pretty straightforward: if the size of the list is larger/equal to its max capacity, we need to do realloc (that’s basically what the code above does).







