From ba02c1bd6981675aaf5a0b6cddb7457e53d5eed1 Mon Sep 17 00:00:00 2001 
From: Brett Weiland Date: Mon, 4 Jan 2021 16:32:01 -0600 Subject: new file: HeapLAB+Bible.pdf new file: HeapLAB/.glibc/glibc_2.23/ld-2.23.so new file: HeapLAB/.glibc/glibc_2.23/ld.so.2 new file: HeapLAB/.glibc/glibc_2.23/libc-2.23.so new file: HeapLAB/.glibc/glibc_2.23/libc.so.6 new file: HeapLAB/.glibc/glibc_2.23/libio/genops.c new file: HeapLAB/.glibc/glibc_2.23/malloc/malloc.c new file: HeapLAB/.glibc/glibc_2.23_unsafe-unlink/ld-2.23.so new file: HeapLAB/.glibc/glibc_2.23_unsafe-unlink/ld.so.2 new file: HeapLAB/.glibc/glibc_2.23_unsafe-unlink/libc-2.23.so new file: HeapLAB/.glibc/glibc_2.23_unsafe-unlink/libc.so.6 new file: HeapLAB/.glibc/glibc_2.23_unsafe-unlink/libio/genops.c new file: HeapLAB/.glibc/glibc_2.23_unsafe-unlink/malloc/malloc.c new file: HeapLAB/.glibc/glibc_2.24/ld-2.24.so new file: HeapLAB/.glibc/glibc_2.24/ld.so.2 new file: HeapLAB/.glibc/glibc_2.24/libc-2.24.so new file: HeapLAB/.glibc/glibc_2.24/libc.so.6 new file: HeapLAB/.glibc/glibc_2.24/malloc/malloc.c new file: HeapLAB/.glibc/glibc_2.25/ld-2.25.so new file: HeapLAB/.glibc/glibc_2.25/ld.so.2 new file: HeapLAB/.glibc/glibc_2.25/libc-2.25.so new file: HeapLAB/.glibc/glibc_2.25/libc.so.6 new file: HeapLAB/.glibc/glibc_2.25/malloc/malloc.c new file: HeapLAB/.glibc/glibc_2.26/ld-2.26.so new file: HeapLAB/.glibc/glibc_2.26/ld.so.2 new file: HeapLAB/.glibc/glibc_2.26/libc-2.26.so new file: HeapLAB/.glibc/glibc_2.26/libc.so.6 new file: HeapLAB/.glibc/glibc_2.26/malloc/malloc.c new file: HeapLAB/.glibc/glibc_2.26_no-tcache/ld-2.26.so new file: HeapLAB/.glibc/glibc_2.26_no-tcache/ld.so.2 new file: HeapLAB/.glibc/glibc_2.26_no-tcache/libc-2.26.so new file: HeapLAB/.glibc/glibc_2.26_no-tcache/libc.so.6 new file: HeapLAB/.glibc/glibc_2.26_no-tcache/malloc/malloc.c new file: HeapLAB/.glibc/glibc_2.27/ld-2.27.so new file: HeapLAB/.glibc/glibc_2.27/ld.so.2 new file: HeapLAB/.glibc/glibc_2.27/libc-2.27.so new file: HeapLAB/.glibc/glibc_2.27/libc.so.6 new file: HeapLAB/.glibc/glibc_2.27/malloc/malloc.c new 
file: HeapLAB/.glibc/glibc_2.27_no-tcache/ld-2.27.so new file: HeapLAB/.glibc/glibc_2.27_no-tcache/ld.so.2 new file: HeapLAB/.glibc/glibc_2.27_no-tcache/libc-2.27.so new file: HeapLAB/.glibc/glibc_2.27_no-tcache/libc.so.6 new file: HeapLAB/.glibc/glibc_2.27_no-tcache/malloc/malloc.c new file: HeapLAB/.glibc/glibc_2.27_ubuntu1804/.debug/ld-2.27.so new file: HeapLAB/.glibc/glibc_2.27_ubuntu1804/.debug/libc-2.27.so new file: HeapLAB/.glibc/glibc_2.27_ubuntu1804/ld-2.27.so new file: HeapLAB/.glibc/glibc_2.27_ubuntu1804/ld.so.2 new file: HeapLAB/.glibc/glibc_2.27_ubuntu1804/libc-2.27.so new file: HeapLAB/.glibc/glibc_2.27_ubuntu1804/libc.so.6 new file: HeapLAB/.glibc/glibc_2.28/ld-2.28.so new file: HeapLAB/.glibc/glibc_2.28/ld.so.2 new file: HeapLAB/.glibc/glibc_2.28/libc-2.28.so new file: HeapLAB/.glibc/glibc_2.28/libc.so.6 new file: HeapLAB/.glibc/glibc_2.28/malloc/malloc.c new file: HeapLAB/.glibc/glibc_2.28_no-tcache/ld-2.28.so new file: HeapLAB/.glibc/glibc_2.28_no-tcache/ld.so.2 new file: HeapLAB/.glibc/glibc_2.28_no-tcache/libc-2.28.so new file: HeapLAB/.glibc/glibc_2.28_no-tcache/libc.so.6 new file: HeapLAB/.glibc/glibc_2.28_no-tcache/malloc/malloc.c new file: HeapLAB/.glibc/glibc_2.29/ld-2.29.so new file: HeapLAB/.glibc/glibc_2.29/ld.so.2 new file: HeapLAB/.glibc/glibc_2.29/libc-2.29.so new file: HeapLAB/.glibc/glibc_2.29/libc.so.6 new file: HeapLAB/.glibc/glibc_2.29/malloc/malloc.c new file: HeapLAB/.glibc/glibc_2.29_no-tcache/ld-2.29.so new file: HeapLAB/.glibc/glibc_2.29_no-tcache/ld.so.2 new file: HeapLAB/.glibc/glibc_2.29_no-tcache/libc-2.29.so new file: HeapLAB/.glibc/glibc_2.29_no-tcache/libc.so.6 new file: HeapLAB/.glibc/glibc_2.29_no-tcache/malloc/malloc.c new file: HeapLAB/.glibc/glibc_2.29_ubuntu1904/.debug/ld-2.29.so new file: HeapLAB/.glibc/glibc_2.29_ubuntu1904/.debug/libc-2.29.so new file: HeapLAB/.glibc/glibc_2.29_ubuntu1904/ld-2.29.so new file: HeapLAB/.glibc/glibc_2.29_ubuntu1904/ld.so.2 new file: 
HeapLAB/.glibc/glibc_2.29_ubuntu1904/libc-2.29.so new file: HeapLAB/.glibc/glibc_2.29_ubuntu1904/libc.so.6 new file: HeapLAB/.glibc/glibc_2.30/ld-2.30.so new file: HeapLAB/.glibc/glibc_2.30/ld.so.2 new file: HeapLAB/.glibc/glibc_2.30/libc-2.30.so new file: HeapLAB/.glibc/glibc_2.30/libc.so.6 new file: HeapLAB/.glibc/glibc_2.30/malloc/malloc.c new file: HeapLAB/.glibc/glibc_2.30_no-tcache/ld-2.30.so new file: HeapLAB/.glibc/glibc_2.30_no-tcache/ld.so.2 new file: HeapLAB/.glibc/glibc_2.30_no-tcache/libc-2.30.so new file: HeapLAB/.glibc/glibc_2.30_no-tcache/libc.so.6 new file: HeapLAB/.glibc/glibc_2.30_no-tcache/malloc/malloc.c new file: HeapLAB/.glibc/glibc_2.31/ld-2.31.so new file: HeapLAB/.glibc/glibc_2.31/ld.so.2 new file: HeapLAB/.glibc/glibc_2.31/libc-2.31.so new file: HeapLAB/.glibc/glibc_2.31/libc.so.6 new file: HeapLAB/.glibc/glibc_2.31/malloc/malloc.c new file: HeapLAB/.glibc/glibc_2.31_no-tcache/ld-2.31.so new file: HeapLAB/.glibc/glibc_2.31_no-tcache/ld.so.2 new file: HeapLAB/.glibc/glibc_2.31_no-tcache/libc-2.31.so new file: HeapLAB/.glibc/glibc_2.31_no-tcache/libc.so.6 new file: HeapLAB/.glibc/glibc_2.31_no-tcache/malloc/malloc.c new file: HeapLAB/.src/demo_fastbins.c new file: HeapLAB/.src/demo_top_chunk.c new file: HeapLAB/.src/demo_unsortedbin.c new file: HeapLAB/HeapLab - GLIBC Heap Exploitation.pdf new file: HeapLAB/challenge-fastbin_dup/.gdb_history new file: HeapLAB/challenge-fastbin_dup/bruh.py new file: HeapLAB/challenge-fastbin_dup/fastbin_dup_2 new file: HeapLAB/challenge-fastbin_dup/pwntools_template.py new file: HeapLAB/challenge-one_byte/one_byte new file: HeapLAB/challenge-one_byte/pwntools_template.py new file: HeapLAB/fastbin_dup/demo new file: HeapLAB/fastbin_dup/fastbin_dup new file: HeapLAB/fastbin_dup/pwntools_template.py new file: HeapLAB/house_of_force/demo new file: HeapLAB/house_of_force/house_of_force new file: HeapLAB/house_of_force/pwntools_template.py new file: HeapLAB/house_of_orange/house_of_orange new file: 
HeapLAB/house_of_orange/pwntools_template.py new file: HeapLAB/malloc_testbed/.links/ld.so.2 new file: HeapLAB/malloc_testbed/.links/libc.so.6 new file: HeapLAB/malloc_testbed/change_glibc_version.py new file: HeapLAB/malloc_testbed/malloc_testbed new file: HeapLAB/malloc_testbed/pwntools_template.py new file: HeapLAB/safe_unlink/pwntools_template.py new file: HeapLAB/safe_unlink/safe_unlink new file: HeapLAB/unsafe_unlink/demo new file: HeapLAB/unsafe_unlink/pwntools_template.py new file: HeapLAB/unsafe_unlink/unsafe_unlink new file: original.gz
---
HeapLAB/challenge-fastbin_dup/.gdb_history | 256 +++++++++++++++++++++++++++++
1 file changed, 256 insertions(+)
create mode 100644 HeapLAB/challenge-fastbin_dup/.gdb_history
(limited to 'HeapLAB/challenge-fastbin_dup/.gdb_history')
diff --git a/HeapLAB/challenge-fastbin_dup/.gdb_history b/HeapLAB/challenge-fastbin_dup/.gdb_history
new file mode 100644
index 0000000..b2cbfcb
--- /dev/null
+++ b/HeapLAB/challenge-fastbin_dup/.gdb_history
@@ -0,0 +1,256 @@ +x &main_arena +x/100x &main_arena +print main_arena +fastbins +q +fastbins +fastbins +c +exit +quit +quit +fastbins +print main_arena +q +print main_arena +q +vis_heap_chunks +print main_arena +db main_arena +db &main_arena +db &main_arena/100 +db &main_arena 100 +db &main_arena 1000 +x main_arena.top +x &main_arena.top +db &main_arena 100 +c +fastbins +print main_arena +x main_arena.fasbinsY +x &main_arena.fastbinsY +quit +fastbins +x 0x7f0946700b70 +db 0x7f0946700b70 100 +q +fastbins +q +fastbins +q +fastbinsx +db &main_arena 100 +q +db 0x7f2e5c845b60 +0x7f2e5c845b70 + 16 +x 0x7f2e5c845b70 + 16 +x 0x7f2e5c845b70 +x 0x7f2e5c845b70 +x 0x7f2e5c845b60 +vis_heap_chunks +db 0x7f0ba6e3db70 +db 0x555bdeaca000 100 +db 0x7f0ba6e3db70 +db 0x7f0ba6e3db70 - 8 +db 0x7f0ba6e3db70-8 +db 0x7f0ba6e3db70-7 +q +x 0x7fcf882cbb69 +db 0x7fcf882cbb69 +q +vis_heap_chunks +print main_arena +q +print main_arena +vis_heap_chunks +q +print main_arena +q +print main_arena +fastbins +r +q +r +c +fastbisn +vis_heap_chunks +fastbins +quit +fastbins +print main_arena +c +print main_arena +q +print main_arena +print main_arena +x malloc_free_hook +x __free_hook +x &__free_hook +x &__free_hook 100 +db &__free_hook 100 +q +q +q +q +print main_arena +db 0x7f4858584e10 +c +print victim +q +fastbins +c +x idx +x chunksize(p) +x chunksize +x p +fastbins +q +x __free_hook +x &__free_hook 100 +db &__free_hook 100 +db &__free_hook - 100 +db &__free_hook-100 +db &__free_hook-100 100 +print main_arena +x 0x7fca0f75fe10 +x/100 0x7fca0f75fe10 +x/100 0x7fca0f75fe10-100 +c +q +break malloc +c +fastbins +x __free_hook +fastins +fastbins +print main_arena +x 0x7f072b59ee10 +break malloc +break free +continue +c +c +c +print main_arena +vis_heap_chunks +vis_heap_chunks +c +vis_heap_chunks +break free +break malloc +c +print main_arena +x &__free_hook - 16 +q +print main_arena +vis_heap_chunks +c +c +c +q +db __malloc_hook +db &__malloc_hook +x __malloc_hook +x &__malloc_hook +c +break sysmalloc 
+c +frame 2 +context +c +break main +c +q +x &__malloc_hook +print __malloc_hook +print &__malloc_hook +print __main_arena +print main_arena +print main_arena +x __malloc_hook +x &__malloc_hook +db &__malloc_hook +db &__malloc_hook-100 100 +db &__malloc_hook-100 100*8 +db &__malloc_hook-100 (100*8)+1 +fastbins +c +print main_arena +x __malloc_hook +x &__malloc_hook +db &__malloc_hook-100 (100*8)+1 +c +db &__malloc_hook-100 (100*8)+1 +print main_arena +x 0x7f5b07a18b40 +break malloc +c +c +c +q +break __libc_malloc +break malloc +break __malloc_hook +b __malloc_hook +b &__malloc_hook +b *__malloc_hook +b *&__malloc_hook +c +delete 3 +c +pwndbg heap +vis_heap_chunks +print __mallinfo +x __mallinfo +print &__mallinfo +print *__mallinfo +print __mallinfo +print &__mallinfo +print main_arena +c +break malloc +c +x main_arena.top_check +x main_arena.top_chunk +print main_arena +x 0x7f4854db6b40 +x 0x7f4854db6b40 +x 0x7f4854db6b40 +c +x 0x7f4854db6b40 +fastbins +c +x 0x7f4854db6b40 +c +x 0x7f4854db6b40 +x main_arena +x &main_arena +x &__malloc_hook +x main_arena.top +db main_arena.top +c +c +c +q +print __malloc_hook +print __malloc_hook +fastbins +c +fastbins +c +vis_heap_chunks +c +fastbins +r +c +fastbins +print main_arena +vis_heap +c +fastbins +fastbins +c +fastbins +r +c + quit -- cgit v1.2.3
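Review bot: `HeapLAB/challenge-fastbin_dup/.gdb_history` is a debugger session log rather than lab source, and it should not be part of the commit. The 256 added lines are raw typed history, including mistyped commands (`fastbisn`, `fastins`, `x main_arena.fasbinsY`) and absolute addresses such as `0x7f0946700b70` and `0x7f2e5c845b60` that already change from one session to the next within this log, so nothing in it can be replayed or relied on. I would remove the file and add an ignore rule `.gdb_history` so later sessions are not committed; history files in general can also capture local paths or arguments typed at the prompt, which is a reason to keep them out of version control by default. If the inspection steps are worth keeping, a short commented note listing them (`fastbins`, `vis_heap_chunks`, `print main_arena`, `x &__malloc_hook`) documents the workflow better than the raw log.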