Since my CTF teammates have asked me to give a tutorial on exploit writing, I have decided to write this post as a working plan. From my perspective, exploit writing is a huge topic and it is impossible to cover every aspect of it in a single post, so this post outlines what the tutorial will cover and commits me to writing the follow-up posts.
Part 1: Control Flow Hijacking
ELF and PE file formats, GOT corruption, stack buffer overflows, return-oriented programming (ROP), virtual function call hijacking
Part 2: Heap Memory Management
A detailed explanation of ptmalloc's heap management based on the libc-2.25 source code, covering the malloc/free workflow and the security checks performed along each path.
https://paper.seebug.org/255/ (Chinese only)
Part 3: Heap Exploitation 1
In this section I will give a detailed study of heap exploitation techniques, based on CTF challenges from the past year.
House of Force: CodeBlue 2017 Nonamestill
House of Spirit: Hack.lu 2014 OREO
Unsafe unlink: TokyoWesterns 2017 Simple Note 1
Fastbin attack: 0CTF 2017 Babyheap
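As an added example, not code from the original post or from glibc itself: the following C program models the fastbin path of libc-2.25's _int_free and _int_malloc with the security checks that Part 2 will cover, and drives it through two of the Part 3 techniques: the fastbin double free that the fasttop check misses (free A, free B, free A), and the next-size constraint a House of Spirit fake chunk must satisfy. The static arena, the bump-pointer top, the model_ and demo_ function names and the sample sizes are this example's own assumptions; the check order and the error strings follow glibc 2.25's malloc.c.

```c
/* Model of glibc 2.25's fastbin path (malloc/malloc.c: _int_free, _int_malloc)
 * reduced to the security checks a CTF player must satisfy. Check order and
 * error strings follow glibc; the static arena, the bump "top" allocator and
 * the model_ and demo_ helper names are this example's own simplifications. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SIZE_SZ       sizeof(size_t)
#define MALLOC_ALIGN  (2 * SIZE_SZ)
#define MINSIZE       (4 * SIZE_SZ)          /* 0x20 on 64-bit */
#define MAX_FAST      (64 * SIZE_SZ / 4)     /* DEFAULT_MXFAST: 0x80 on 64-bit */
#define PREV_INUSE    ((size_t)1)
#define SIZE_BITS     ((size_t)7)
typedef struct chunk { size_t prev_size, size; struct chunk *fd, *bk; } chunk_t;
#define chunksize(p)       ((p)->size & ~SIZE_BITS)
#define chunk2mem(p)       ((void *)((char *)(p) + 2 * SIZE_SZ))
#define mem2chunk(m)       ((chunk_t *)((char *)(m) - 2 * SIZE_SZ))
#define next_chunk(p)      ((chunk_t *)((char *)(p) + chunksize(p)))
#define fastbin_index(sz)  ((unsigned)((sz) >> (SIZE_SZ == 8 ? 4 : 3)) - 2)
#define request2size(req)  ((req) + SIZE_SZ + MALLOC_ALIGN - 1 < MINSIZE ? MINSIZE : \
                            ((req) + SIZE_SZ + MALLOC_ALIGN - 1) & ~(MALLOC_ALIGN - 1))

static _Alignas(16) unsigned char heap[4096]; /* the arena; sizeof heap plays av->system_mem */
static size_t top;                            /* bump pointer standing in for av->top */
static chunk_t *fastbins[10];                 /* NFASTBINS */
const char *model_last_error;                 /* what glibc would hand to malloc_printerr() */
static void model_reset(void) { memset(heap, 0, sizeof heap); memset(fastbins, 0, sizeof fastbins); top = 0; model_last_error = NULL; }
static int fail(const char *msg) { model_last_error = msg; return -1; }

/* _int_free(), fastbin branch, with libc-2.25's checks in their original order. */
static int model_free(void *mem) {
    chunk_t *p = mem2chunk(mem);
    size_t size = chunksize(p);
    if ((uintptr_t)p > (uintptr_t)-size || ((uintptr_t)p & (MALLOC_ALIGN - 1)))
        return fail("free(): invalid pointer");
    if (size < MINSIZE || (size & (MALLOC_ALIGN - 1)))
        return fail("free(): invalid size");
    if (size > MAX_FAST) return fail("model: only fastbin-sized chunks are modelled");
    /* The *next* chunk's size field is sanity-checked: this is the House of Spirit constraint. */
    if (next_chunk(p)->size <= 2 * SIZE_SZ || chunksize(next_chunk(p)) >= sizeof heap)
        return fail("free(): invalid next size (fast)");
    unsigned idx = fastbin_index(size);
    chunk_t *old = fastbins[idx];
    if (old == p)                             /* only the bin head is compared against p */
        return fail("double free or corruption (fasttop)");
    if (old != NULL && fastbin_index(chunksize(old)) != idx)
        return fail("invalid fastbin entry (free)");
    p->fd = old; fastbins[idx] = p;           /* link p at the head of its bin */
    return 0;
}

/* _int_malloc(): fastbin lookup with its single size check, else carve from top. */
static void *model_malloc(size_t bytes) {
    size_t nb = request2size(bytes);
    if (nb <= MAX_FAST && fastbins[fastbin_index(nb)] != NULL) {
        unsigned idx = fastbin_index(nb);
        chunk_t *victim = fastbins[idx];
        if (fastbin_index(chunksize(victim)) != idx) { model_last_error = "malloc(): memory corruption (fast)"; return NULL; }
        fastbins[idx] = victim->fd;           /* fd is trusted: 2.25 has no check on it */
        return chunk2mem(victim);
    }
    if (top + nb + MINSIZE > sizeof heap) { model_last_error = "model: out of memory"; return NULL; }
    chunk_t *p = (chunk_t *)(heap + top);
    p->size = nb | PREV_INUSE;
    top += nb;
    ((chunk_t *)(heap + top))->size = (sizeof heap - top) | PREV_INUSE;  /* keep a sane top header */
    return chunk2mem(p);
}

/* free(A); free(A) trips the fasttop check, but free(A); free(B); free(A) does not,
 * since only the bin head is compared. The bin then reads A -> B -> A, so three
 * allocations return A twice: the basis of the fastbin attack. */
static int demo_fastbin_double_free(void) {
    model_reset();
    void *a = model_malloc(0x18), *b = model_malloc(0x18);   /* two 0x20 chunks */
    if (model_free(a) != 0) return 0;
    if (model_free(a) != -1 || strcmp(model_last_error, "double free or corruption (fasttop)") != 0) return 0;
    if (model_free(b) != 0 || model_free(a) != 0) return 0;
    void *x = model_malloc(0x18), *y = model_malloc(0x18), *z = model_malloc(0x18);
    return x == a && y == b && z == a;
}

/* House of Spirit: free() a pointer into attacker-controlled memory. The fake chunk
 * needs a fastbin-sized size field and a plausible size in the chunk following it;
 * once both are set, malloc() of that size hands the fake chunk back. */
static _Alignas(16) size_t fake[16];          /* stands in for a controlled buffer (stack or .bss) */
static int demo_house_of_spirit(void) {
    model_reset();
    memset(fake, 0, sizeof fake);
    fake[1] = 0x40;                           /* fake header: size 0x40, fastbin index 2 */
    if (model_free(&fake[2]) != -1 || strcmp(model_last_error, "free(): invalid next size (fast)") != 0)
        return 0;                             /* next size is still 0: rejected */
    fake[9] = 0x40;                           /* next chunk's size: > 2*SIZE_SZ and < system_mem */
    return model_free(&fake[2]) == 0 && model_malloc(0x38) == (void *)&fake[2];
}
```

Against a real libc-2.25 the same three frees and three mallocs yield the same A, B, A sequence. From libc-2.26 on, tcache sits in front of the fastbins and changes which checks apply, which is why the model is pinned to the version the tutorial uses.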
Part 4: Heap Exploitation 2
In this section I will introduce the newer exploitation techniques proposed in recent years.
Unsorted bin attack: 0CTF 2016 Zerostorage
Overlapping chunks: HITB 2017 Sentosa
House of Mind: CodeBlue 2017 Demo Scene DB
House of Orange: HITCON 2016 House of Orange
File Stream Oriented Programming (FSOP): HITCON 2017 Ghost in the heap