AdvancedMemoryChallenges

Advanced buffer overflow and memory corruption challenges.

INSTRUCTIONS:

  1. Install gcc 4.8 or above (I recommend a recent version of Ubuntu. I haven't really tested these on CentOS, but they should work. On all other systems all bets are off.)
  2. Run the command "make" in the main project directory
  3. Try to get each program to pop a shell (or change the control flow to your advantage in some way) without modifying the source code. You can try to execute some shellcode, but that's the old, boring way to do things. Look for something else.
  4. Profit?

For some spoilers read:

http://packetstormsecurity.com/files/121751/Modern-Overflow-Targets.html

or

http://packetstormsecurity.com/files/123977/Bypassing-AddressSanitizer.html


Spoilers below!







Hints and Challenge Description

  1. Stack Objects - Did you know you could put objects on the stack? -fstack-protector-all prevents you from writing over the stored instruction pointer, but that doesn't mean it prevents all buffer overflows on the stack. Just don't write over the canary...

  2. Heap Objects - Overflowing is a little bit different on the heap. Metadata checks will test the linked-list pointers used to maintain allocations. If you free/delete after a heap overflow on a modern libc you're likely to get a segfault.

  3. Canary Conundrums - Oh no! The target is on the other side of a canary from the vulnerable buffer! When function a returns there's bound to be a segfault. If function a returns...

  4. Integer Behavior - Hmm, it looks like there's some careful sanitization on that integer input. How does that ALU thing work again? Plus, this was compiled with AddressSanitizer. One wrong byte and it'll be a segfault.

  5. Heap Havoc - In the real world the heap is constantly changing. Challenge number 2 is pretty trivial compared to this one.

  6. AddressSanitizer Woes - AddressSanitizer is extremely carefully thought out. It was very challenging to balance improved security against backwards compatibility. Sometimes, all it takes is a few corrupted bytes to pop a shell. That's good, because AddressSanitizer doesn't give you all that many bytes to work with.
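Hint 4 is about length checks that look careful but are defeated by the arithmetic itself. The following is an added illustration, not code from this repository, with a constructed MAX_PAYLOAD limit and four-byte elements assumed: each naive check is paired with the bounds check that actually holds.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_PAYLOAD 1024u   /* constructed limit: most bytes the parser will buffer */

/* Naive validation: computes the byte length first, then compares it to the
 * limit. The multiply is done in 32-bit unsigned arithmetic, so a large
 * element count wraps around to a tiny byte count and slips through. */
int naive_accepts_count(uint32_t count) {
    uint32_t bytes = count * 4u;        /* wraps modulo 2^32 */
    return bytes <= MAX_PAYLOAD;
}

/* Hardened validation: bound the count before doing any arithmetic on it,
 * so nothing can wrap before the comparison. */
int safe_accepts_count(uint32_t count) {
    return count <= MAX_PAYLOAD / 4u;
}

/* Naive signed check: a negative length is "less than the limit" and passes,
 * but becomes a huge size_t the moment it is handed to a copy routine.
 * Returns the number of bytes the caller would copy, 0 meaning rejected. */
size_t naive_copy_length(int len) {
    if (len > (int)MAX_PAYLOAD)
        return 0;
    return (size_t)len;                 /* len == -1 yields SIZE_MAX */
}

/* Hardened signed check: reject the negative range explicitly, then compare
 * in unsigned arithmetic against the limit. */
size_t safe_copy_length(int len) {
    if (len < 0 || (unsigned int)len > MAX_PAYLOAD)
        return 0;
    return (size_t)len;
}

int main(void) {
    uint32_t huge = 0x40000001u;        /* 0x40000001 * 4 == 4 after wrapping */
    printf("count 0x%x: naive=%d safe=%d\n", huge,
           naive_accepts_count(huge), safe_accepts_count(huge));
    printf("len -1: naive=%zu safe=%zu\n",
           naive_copy_length(-1), safe_copy_length(-1));
    return 0;
}
```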

More to come later...

Contributors

  ewimberley
