List: LiveOverFlow (40)
Security_RNRF
25. The Heap: dlmalloc unlink() exploit - bin.0x18 : In the previous video, we looked at the "free()" implementation of "dlmalloc". : We had almost reached the "unlink()" macro, which can be used to write arbitrary data. : While studying hacking, we have to think about and come up with different approaches to the same subject. : Let's take a look at what a heap looks like. -> If you allocate a "chunk" of a certain size,..
24. The Heap: Once upon a free() - bin.0x17 : The previous "heap" exploitation video was about application logic abuse. : There, the bug was that the program used the wrong data in the "heap". This time, I try to abuse the "heap" itself. : Exploiting oldschool dlmalloc unlink() : Prerequisites -> What a heap chunk looks like -> Pointers and addresses -> Debugging with GDB -> Previous videos about the Heap (..
23. The Heap: How do use-after-free exploits work? - bin.0x16 : Let's take apart a very common bug class that still occurs constantly, using "heap2". -> Let's understand the code first. : C code (/opt/protostar/bin/heap2) #include #include #include #include #include struct auth { char name[32]; int auth; }; struct auth *auth; /* pointer (address) */ char *service; /* pointer (address) */ int main(int ar..
22. Explaining Dirty COW local root exploit - CVE-2016-5195 : Content -> dirtyc0w local privilege escalation user(1000) -> root(0) found by Phil Oester in the wild original finder: unknown : The vulnerability is very old; it lets a local user of the system escalate privileges to root. -> Let's look at it and explore how it works. : Download and compile the exploit using a vulnerable Ub..
21. The Heap: How to exploit a Heap Overflow - bin.0x15 : Content -> Blackbox approach to heap1 binary -> Exploiting while ignoring the heap -> overwriting an entry on the GOT : Let's make some assumptions before we practice. -> First, I play a security researcher who wants to find bugs to exploit (= hacker). -> Then we become developers trying to understand the exploit in order to fix the problem (= ..
20. The Heap: what does malloc() do? - bin.0x14 : Content -> Heap - memory region -> mmap() -> malloc() -> abstract interpretation of the heap : What exactly is the "heap"? : What does "malloc" actually do? -> Generally, you know that a program sometimes needs more memory. -> Then you allocate it with "malloc", which creates the heap, and release it again when finished. : First, before we talk abo..
19. Format String Exploit and overwrite the Global Offset Table - bin.0x13 : Content -> format string exploit -> arbitrary write -> Overwriting GOT entry : Libraries are linked dynamically to binaries (this is how programs are built by default) : Format4 (C code) (/opt/protostar/bin/format4) #include #include #include #include int target; void hello() { printf("code execution redirected! you win\n"); _exit(1); } vo..
18. Global Offset Table (GOT) and Procedure Linkage Table (PLT) - bin.0x12 : Content -> Global Offset Table (GOT) -> Procedure Linkage Table (PLT) -> Dynamic Libraries : Create a very simple C program that calls two "libc" functions. -> vim test.c -> int main(){ printf("Hello World!\n"); printf("This is LiveOverflow\n"); exit(0); return 1; } -> gcc test.c -o test -> ./test -> Hello World! This is Li..
17. A simple Format String exploit example - bin.0x11 : Content -> format string exploit -> leaking stack memory -> arbitrary write : First, what is a format string? -> The typical example is "printf", which prints formatted data to standard output. -> SYNOPSIS #include int printf(const char *format, ...); int fprintf(FILE *stream, const char *format, ...); int sprintf(char *str, const char..
16. Reverse engineering C programs - bin.0x10 : Content -> function calls -> variables -> if, for-/while-loop : Create a simple C program and analyze the assembly code. -> vim test.c -> int main(){ printf("Test\n"); } -> gcc test.c -o test -> r2 test > aaa (Error?) > s main > pdf ;-- main: / (fcn) sym.main 23 | sym.main (); | ; DATA XREF from 0x0000054d (entry0) | 0x0000063a 55 push rbp | 0x0000..