how2heap: learn heap exploitation

Many of the deadliest hacks and malware use stack and heap exploitation techniques to gain privileged access to a computer or destroy everything on the disk. If you are a budding white hat hacker or a developer of industry-grade software, you must learn how these techniques work and how to counter them. how2heap is a collection of C programs which explain the working principles behind heap attacks.

At the time of writing, five programs are available:

  1. fastbin_dup.c: tricks malloc into returning an already-allocated heap pointer by abusing the fastbin freelist.
  2. fastbin_dup_into_stack.c: tricks malloc into returning a nearly-arbitrary pointer by abusing the fastbin freelist.
  3. unsafe_unlink.c: exploits free on a corrupted chunk to get an arbitrary write.
  4. house_of_spirit.c: frees a fake fastbin chunk to get malloc to return a nearly-arbitrary pointer.
  5. poison_null_byte.c: exploits a single null byte overflow.

malloc_playground.c is an interactive program to allocate and free chunks of memory.

Applicable CTF (Capture The Flag) hacking challenges are also linked so you can try out the lessons you have learnt.

Compilation

The usual steps are:

$ git clone https://github.com/shellphish/how2heap
$ cd how2heap/
$ make

The code is a great resource to skim through and learn the possible gotchas of heap memory allocation.

On GitHub: how2heap
