- Heap exploitation training course for GLibC.
- If you are going through this WITHOUT an instructor, please follow the slides and do the exercises in the order listed below.
Download the VM for the training! - TBD/TODO
- modules/
  - Holds challenges for unique techniques (structure described in 'Assets Per Technique')
- demos/
  - Showcasing of techniques and other fun things
- libc_versions/
  - Versions of LibC and the loader
- old_challenges/
  - Old/failed challenges
- resources/
  - Miscellaneous scripts and things
- Introduction to Malloc
- Heap Vulnerability Classes:
  - Double free
  - Use after free
  - Arbitrary frees
- Fd Poison:
  - Tcache
  - 2.32+ (pointer mangling)
- Unlink and Unsafe Unlink
- Overlapping chunks
- House of Force
- Unsorted Bin Attack && TCache Stashing Demo
- House of Spirit (meh... not a huge fan of this technique in general)
- Mmap Chunks + House of Muney -- not tested yet
- Leaks
- HTTP Server (final challenge)
- House of IO and New:
  - Pointer mangling and House of IO. Fun challenges in there but not super relevant anymore.
- House of Orange:
  - Out of date + the POC doesn't work as you'd expect.
All of the following assets are helpful for each challenge, but not all of them are implemented for every technique yet.
- Challenge file:
  - Challenge to test the knowledge of the technique
  - Source & compiled binary with the LD_PRELOAD section handled
- Solution (python pwntools solution):
  - Checkpoints for going from stage to stage, if stuck.
  - Currently, this is ONLY implemented for the House of Spirit
- Slides for the technique:
  - Background of heap mechanics needed
  - Technique description
  - Challenge
  - Challenge walkthrough
  - Versions and situations
  - Other things to discuss
- compile script (make):
  - Patches the loader of the challenge files
```sh
# Unpack the OVA (an OVA is a tar archive) to get the VMDK disk image
tar xvf Heap\ Course\ DEFCON\ 30.ova

# Convert the VMDK disk to qcow2 so QEMU can boot it
qemu-img convert -f vmdk -O qcow2 Heap\ Course\ DEFCON\ 30-disk002.vmdk HeapCourse.qcow2

# Boot the VM with 2 vCPUs, 6 GB of RAM and a USB tablet for mouse input
qemu-system-x86_64 \
  -smp 2 \
  -hda HeapCourse.qcow2 \
  -m 6G \
  -usb \
  -device usb-tablet
```