new file: HeapLAB+Bible.pdf

new file:   HeapLAB/.glibc/glibc_2.23/ld-2.23.so
	new file:   HeapLAB/.glibc/glibc_2.23/ld.so.2
	new file:   HeapLAB/.glibc/glibc_2.23/libc-2.23.so
	new file:   HeapLAB/.glibc/glibc_2.23/libc.so.6
	new file:   HeapLAB/.glibc/glibc_2.23/libio/genops.c
	new file:   HeapLAB/.glibc/glibc_2.23/malloc/malloc.c
	new file:   HeapLAB/.glibc/glibc_2.23_unsafe-unlink/ld-2.23.so
	new file:   HeapLAB/.glibc/glibc_2.23_unsafe-unlink/ld.so.2
	new file:   HeapLAB/.glibc/glibc_2.23_unsafe-unlink/libc-2.23.so
	new file:   HeapLAB/.glibc/glibc_2.23_unsafe-unlink/libc.so.6
	new file:   HeapLAB/.glibc/glibc_2.23_unsafe-unlink/libio/genops.c
	new file:   HeapLAB/.glibc/glibc_2.23_unsafe-unlink/malloc/malloc.c
	new file:   HeapLAB/.glibc/glibc_2.24/ld-2.24.so
	new file:   HeapLAB/.glibc/glibc_2.24/ld.so.2
	new file:   HeapLAB/.glibc/glibc_2.24/libc-2.24.so
	new file:   HeapLAB/.glibc/glibc_2.24/libc.so.6
	new file:   HeapLAB/.glibc/glibc_2.24/malloc/malloc.c
	new file:   HeapLAB/.glibc/glibc_2.25/ld-2.25.so
	new file:   HeapLAB/.glibc/glibc_2.25/ld.so.2
	new file:   HeapLAB/.glibc/glibc_2.25/libc-2.25.so
	new file:   HeapLAB/.glibc/glibc_2.25/libc.so.6
	new file:   HeapLAB/.glibc/glibc_2.25/malloc/malloc.c
	new file:   HeapLAB/.glibc/glibc_2.26/ld-2.26.so
	new file:   HeapLAB/.glibc/glibc_2.26/ld.so.2
	new file:   HeapLAB/.glibc/glibc_2.26/libc-2.26.so
	new file:   HeapLAB/.glibc/glibc_2.26/libc.so.6
	new file:   HeapLAB/.glibc/glibc_2.26/malloc/malloc.c
	new file:   HeapLAB/.glibc/glibc_2.26_no-tcache/ld-2.26.so
	new file:   HeapLAB/.glibc/glibc_2.26_no-tcache/ld.so.2
	new file:   HeapLAB/.glibc/glibc_2.26_no-tcache/libc-2.26.so
	new file:   HeapLAB/.glibc/glibc_2.26_no-tcache/libc.so.6
	new file:   HeapLAB/.glibc/glibc_2.26_no-tcache/malloc/malloc.c
	new file:   HeapLAB/.glibc/glibc_2.27/ld-2.27.so
	new file:   HeapLAB/.glibc/glibc_2.27/ld.so.2
	new file:   HeapLAB/.glibc/glibc_2.27/libc-2.27.so
	new file:   HeapLAB/.glibc/glibc_2.27/libc.so.6
	new file:   HeapLAB/.glibc/glibc_2.27/malloc/malloc.c
	new file:   HeapLAB/.glibc/glibc_2.27_no-tcache/ld-2.27.so
	new file:   HeapLAB/.glibc/glibc_2.27_no-tcache/ld.so.2
	new file:   HeapLAB/.glibc/glibc_2.27_no-tcache/libc-2.27.so
	new file:   HeapLAB/.glibc/glibc_2.27_no-tcache/libc.so.6
	new file:   HeapLAB/.glibc/glibc_2.27_no-tcache/malloc/malloc.c
	new file:   HeapLAB/.glibc/glibc_2.27_ubuntu1804/.debug/ld-2.27.so
	new file:   HeapLAB/.glibc/glibc_2.27_ubuntu1804/.debug/libc-2.27.so
	new file:   HeapLAB/.glibc/glibc_2.27_ubuntu1804/ld-2.27.so
	new file:   HeapLAB/.glibc/glibc_2.27_ubuntu1804/ld.so.2
	new file:   HeapLAB/.glibc/glibc_2.27_ubuntu1804/libc-2.27.so
	new file:   HeapLAB/.glibc/glibc_2.27_ubuntu1804/libc.so.6
	new file:   HeapLAB/.glibc/glibc_2.28/ld-2.28.so
	new file:   HeapLAB/.glibc/glibc_2.28/ld.so.2
	new file:   HeapLAB/.glibc/glibc_2.28/libc-2.28.so
	new file:   HeapLAB/.glibc/glibc_2.28/libc.so.6
	new file:   HeapLAB/.glibc/glibc_2.28/malloc/malloc.c
	new file:   HeapLAB/.glibc/glibc_2.28_no-tcache/ld-2.28.so
	new file:   HeapLAB/.glibc/glibc_2.28_no-tcache/ld.so.2
	new file:   HeapLAB/.glibc/glibc_2.28_no-tcache/libc-2.28.so
	new file:   HeapLAB/.glibc/glibc_2.28_no-tcache/libc.so.6
	new file:   HeapLAB/.glibc/glibc_2.28_no-tcache/malloc/malloc.c
	new file:   HeapLAB/.glibc/glibc_2.29/ld-2.29.so
	new file:   HeapLAB/.glibc/glibc_2.29/ld.so.2
	new file:   HeapLAB/.glibc/glibc_2.29/libc-2.29.so
	new file:   HeapLAB/.glibc/glibc_2.29/libc.so.6
	new file:   HeapLAB/.glibc/glibc_2.29/malloc/malloc.c
	new file:   HeapLAB/.glibc/glibc_2.29_no-tcache/ld-2.29.so
	new file:   HeapLAB/.glibc/glibc_2.29_no-tcache/ld.so.2
	new file:   HeapLAB/.glibc/glibc_2.29_no-tcache/libc-2.29.so
	new file:   HeapLAB/.glibc/glibc_2.29_no-tcache/libc.so.6
	new file:   HeapLAB/.glibc/glibc_2.29_no-tcache/malloc/malloc.c
	new file:   HeapLAB/.glibc/glibc_2.29_ubuntu1904/.debug/ld-2.29.so
	new file:   HeapLAB/.glibc/glibc_2.29_ubuntu1904/.debug/libc-2.29.so
	new file:   HeapLAB/.glibc/glibc_2.29_ubuntu1904/ld-2.29.so
	new file:   HeapLAB/.glibc/glibc_2.29_ubuntu1904/ld.so.2
	new file:   HeapLAB/.glibc/glibc_2.29_ubuntu1904/libc-2.29.so
	new file:   HeapLAB/.glibc/glibc_2.29_ubuntu1904/libc.so.6
	new file:   HeapLAB/.glibc/glibc_2.30/ld-2.30.so
	new file:   HeapLAB/.glibc/glibc_2.30/ld.so.2
	new file:   HeapLAB/.glibc/glibc_2.30/libc-2.30.so
	new file:   HeapLAB/.glibc/glibc_2.30/libc.so.6
	new file:   HeapLAB/.glibc/glibc_2.30/malloc/malloc.c
	new file:   HeapLAB/.glibc/glibc_2.30_no-tcache/ld-2.30.so
	new file:   HeapLAB/.glibc/glibc_2.30_no-tcache/ld.so.2
	new file:   HeapLAB/.glibc/glibc_2.30_no-tcache/libc-2.30.so
	new file:   HeapLAB/.glibc/glibc_2.30_no-tcache/libc.so.6
	new file:   HeapLAB/.glibc/glibc_2.30_no-tcache/malloc/malloc.c
	new file:   HeapLAB/.glibc/glibc_2.31/ld-2.31.so
	new file:   HeapLAB/.glibc/glibc_2.31/ld.so.2
	new file:   HeapLAB/.glibc/glibc_2.31/libc-2.31.so
	new file:   HeapLAB/.glibc/glibc_2.31/libc.so.6
	new file:   HeapLAB/.glibc/glibc_2.31/malloc/malloc.c
	new file:   HeapLAB/.glibc/glibc_2.31_no-tcache/ld-2.31.so
	new file:   HeapLAB/.glibc/glibc_2.31_no-tcache/ld.so.2
	new file:   HeapLAB/.glibc/glibc_2.31_no-tcache/libc-2.31.so
	new file:   HeapLAB/.glibc/glibc_2.31_no-tcache/libc.so.6
	new file:   HeapLAB/.glibc/glibc_2.31_no-tcache/malloc/malloc.c
	new file:   HeapLAB/.src/demo_fastbins.c
	new file:   HeapLAB/.src/demo_top_chunk.c
	new file:   HeapLAB/.src/demo_unsortedbin.c
	new file:   HeapLAB/HeapLab - GLIBC Heap Exploitation.pdf
	new file:   HeapLAB/challenge-fastbin_dup/.gdb_history
	new file:   HeapLAB/challenge-fastbin_dup/bruh.py
	new file:   HeapLAB/challenge-fastbin_dup/fastbin_dup_2
	new file:   HeapLAB/challenge-fastbin_dup/pwntools_template.py
	new file:   HeapLAB/challenge-one_byte/one_byte
	new file:   HeapLAB/challenge-one_byte/pwntools_template.py
	new file:   HeapLAB/fastbin_dup/demo
	new file:   HeapLAB/fastbin_dup/fastbin_dup
	new file:   HeapLAB/fastbin_dup/pwntools_template.py
	new file:   HeapLAB/house_of_force/demo
	new file:   HeapLAB/house_of_force/house_of_force
	new file:   HeapLAB/house_of_force/pwntools_template.py
	new file:   HeapLAB/house_of_orange/house_of_orange
	new file:   HeapLAB/house_of_orange/pwntools_template.py
	new file:   HeapLAB/malloc_testbed/.links/ld.so.2
	new file:   HeapLAB/malloc_testbed/.links/libc.so.6
	new file:   HeapLAB/malloc_testbed/change_glibc_version.py
	new file:   HeapLAB/malloc_testbed/malloc_testbed
	new file:   HeapLAB/malloc_testbed/pwntools_template.py
	new file:   HeapLAB/safe_unlink/pwntools_template.py
	new file:   HeapLAB/safe_unlink/safe_unlink
	new file:   HeapLAB/unsafe_unlink/demo
	new file:   HeapLAB/unsafe_unlink/pwntools_template.py
	new file:   HeapLAB/unsafe_unlink/unsafe_unlink
	new file:   original.gz

HeapLAB/.glibc/glibc_2.23/ld.so.2

@@ -0,0 +1 @@
+ld-2.23.so

HeapLAB/.glibc/glibc_2.23/libc.so.6

@@ -0,0 +1 @@
+libc-2.23.so

HeapLAB/.glibc/glibc_2.23_unsafe-unlink/ld.so.2

@@ -0,0 +1 @@
+ld-2.23.so

HeapLAB/.glibc/glibc_2.23_unsafe-unlink/libc.so.6

@@ -0,0 +1 @@
+libc-2.23.so

HeapLAB/.glibc/glibc_2.24/ld.so.2

@@ -0,0 +1 @@
+ld-2.24.so

HeapLAB/.glibc/glibc_2.24/libc.so.6

@@ -0,0 +1 @@
+libc-2.24.so

HeapLAB/.glibc/glibc_2.25/ld.so.2

@@ -0,0 +1 @@
+ld-2.25.so

HeapLAB/.glibc/glibc_2.25/libc.so.6

@@ -0,0 +1 @@
+libc-2.25.so

HeapLAB/.glibc/glibc_2.26/ld.so.2

@@ -0,0 +1 @@
+ld-2.26.so

HeapLAB/.glibc/glibc_2.26/libc.so.6

@@ -0,0 +1 @@
+libc-2.26.so

HeapLAB/.glibc/glibc_2.26_no-tcache/ld.so.2

@@ -0,0 +1 @@
+ld-2.26.so

HeapLAB/.glibc/glibc_2.26_no-tcache/libc.so.6

@@ -0,0 +1 @@
+libc-2.26.so

HeapLAB/.glibc/glibc_2.27/ld.so.2

@@ -0,0 +1 @@
+ld-2.27.so

HeapLAB/.glibc/glibc_2.27/libc.so.6

@@ -0,0 +1 @@
+libc-2.27.so

HeapLAB/.glibc/glibc_2.27_no-tcache/ld.so.2

@@ -0,0 +1 @@
+ld-2.27.so

HeapLAB/.glibc/glibc_2.27_no-tcache/libc.so.6

@@ -0,0 +1 @@
+libc-2.27.so

HeapLAB/.glibc/glibc_2.27_ubuntu1804/ld.so.2

@@ -0,0 +1 @@
+ld-2.27.so

HeapLAB/.glibc/glibc_2.27_ubuntu1804/libc.so.6

@@ -0,0 +1 @@
+libc-2.27.so

HeapLAB/.glibc/glibc_2.28/ld.so.2

@@ -0,0 +1 @@
+ld-2.28.so

HeapLAB/.glibc/glibc_2.28/libc.so.6

@@ -0,0 +1 @@
+libc-2.28.so

HeapLAB/.glibc/glibc_2.28_no-tcache/ld.so.2

@@ -0,0 +1 @@
+ld-2.28.so

HeapLAB/.glibc/glibc_2.28_no-tcache/libc.so.6

@@ -0,0 +1 @@
+libc-2.28.so

HeapLAB/.glibc/glibc_2.29/ld.so.2

@@ -0,0 +1 @@
+ld-2.29.so

HeapLAB/.glibc/glibc_2.29/libc.so.6

@@ -0,0 +1 @@
+libc-2.29.so

HeapLAB/.glibc/glibc_2.29_no-tcache/ld.so.2

@@ -0,0 +1 @@
+ld-2.29.so

HeapLAB/.glibc/glibc_2.29_no-tcache/libc.so.6

@@ -0,0 +1 @@
+libc-2.29.so

HeapLAB/.glibc/glibc_2.29_ubuntu1904/ld.so.2

@@ -0,0 +1 @@
+ld-2.29.so

HeapLAB/.glibc/glibc_2.29_ubuntu1904/libc.so.6

@@ -0,0 +1 @@
+libc-2.29.so

HeapLAB/.glibc/glibc_2.30/ld.so.2

@@ -0,0 +1 @@
+ld-2.30.so

HeapLAB/.glibc/glibc_2.30/libc.so.6

@@ -0,0 +1 @@
+libc-2.30.so

HeapLAB/.glibc/glibc_2.30_no-tcache/ld.so.2

@@ -0,0 +1 @@
+ld-2.30.so

HeapLAB/.glibc/glibc_2.30_no-tcache/libc.so.6

@@ -0,0 +1 @@
+libc-2.30.so

HeapLAB/.glibc/glibc_2.31/ld.so.2

@@ -0,0 +1 @@
+ld-2.31.so

HeapLAB/.glibc/glibc_2.31/libc.so.6

@@ -0,0 +1 @@
+libc-2.31.so

HeapLAB/.glibc/glibc_2.31_no-tcache/ld.so.2

@@ -0,0 +1 @@
+ld-2.31.so

HeapLAB/.glibc/glibc_2.31_no-tcache/libc.so.6

@@ -0,0 +1 @@
+libc-2.31.so

HeapLAB/.src/demo_fastbins.c

@@ -0,0 +1,19 @@
+#include <stdio.h>
+#include <stdlib.h>
+
+int main(int argc, char* argv[]) {
+
+    void* a = malloc(1);
+    void* b = malloc(1);
+    void* c = malloc(1);
+
+    free(a);
+    free(b);
+    free(c);
+
+    void* d = malloc(1);
+    void* e = malloc(1);
+    void* f = malloc(1);
+
+    return 0;
+}

HeapLAB/.src/demo_top_chunk.c

@@ -0,0 +1,14 @@
+#include <stdlib.h>
+
+int main(int argc, char* argv[]) {
+
+    void* a = malloc(9);
+
+    malloc(1);
+    malloc(0);
+
+    malloc(24);
+    malloc(25);
+
+    return 0;
+}

HeapLAB/.src/demo_unsortedbin.c

@@ -0,0 +1,16 @@
+#include <stdlib.h>
+
+int main(int argc, char* argv[]) {
+    void* a = malloc(0x88);
+    void* b = malloc(0x88);
+
+    free(b);
+
+    b = malloc(0x88);
+    malloc(0x18);
+
+    free(a);
+    free(b);
+
+    return 0;
+}

HeapLAB/challenge-fastbin_dup/.gdb_history

@@ -0,0 +1,256 @@
+x &main_arena
+x/100x &main_arena
+print main_arena
+fastbins
+q
+fastbins
+fastbins
+c
+exit
+quit
+quit
+fastbins
+print main_arena
+q
+print main_arena
+q
+vis_heap_chunks 
+print main_arena
+db main_arena
+db &main_arena
+db &main_arena/100
+db &main_arena 100
+db &main_arena 1000
+x main_arena.top
+x &main_arena.top
+db &main_arena 100
+c
+fastbins
+print main_arena
+x main_arena.fasbinsY
+x &main_arena.fastbinsY
+quit
+fastbins
+x 0x7f0946700b70
+db 0x7f0946700b70 100
+q
+fastbins
+q
+fastbins
+q
+fastbinsx
+db &main_arena 100
+q
+db 0x7f2e5c845b60
+0x7f2e5c845b70 + 16
+x 0x7f2e5c845b70 + 16
+x 0x7f2e5c845b70
+x 0x7f2e5c845b70
+x 0x7f2e5c845b60
+vis_heap_chunks 
+db 0x7f0ba6e3db70
+db 0x555bdeaca000 100
+db 0x7f0ba6e3db70
+db 0x7f0ba6e3db70 - 8
+db 0x7f0ba6e3db70-8
+db 0x7f0ba6e3db70-7
+q
+x 0x7fcf882cbb69
+db 0x7fcf882cbb69
+q
+vis_heap_chunks 
+print main_arena
+q
+print main_arena
+vis_heap_chunks 
+q
+print main_arena 
+q
+print main_arena 
+fastbins
+r
+q
+r
+c
+fastbisn
+vis_heap_chunks 
+fastbins
+quit
+fastbins
+print main_arena 
+c
+print main_arena 
+q
+print main_arena 
+print main_arena 
+x malloc_free_hook
+x __free_hook
+x &__free_hook
+x &__free_hook 100
+db &__free_hook 100
+q
+q
+q
+q
+print main_arena 
+db 0x7f4858584e10
+c
+print victim
+q
+fastbins
+c
+x idx
+x chunksize(p)
+x chunksize
+x p
+fastbins
+q
+x __free_hook 
+x &__free_hook 100
+db &__free_hook 100
+db &__free_hook - 100
+db &__free_hook-100
+db &__free_hook-100 100
+print main_arena 
+x 0x7fca0f75fe10
+x/100 0x7fca0f75fe10
+x/100 0x7fca0f75fe10-100
+c
+q
+break malloc
+c
+fastbins
+x __free_hook 
+fastins
+fastbins
+print main_arena 
+x 0x7f072b59ee10
+break malloc
+break free
+continue
+c
+c
+c
+print main_arena
+vis_heap_chunks 
+vis_heap_chunks 
+c
+vis_heap_chunks 
+break free
+break malloc
+c
+print main_arena
+x &__free_hook - 16
+q
+print main_arena
+vis_heap_chunks 
+c
+c
+c
+q
+db __malloc_hook
+db &__malloc_hook
+x __malloc_hook
+x &__malloc_hook
+c
+break sysmalloc
+c
+frame 2
+context
+c
+break main
+c
+q
+x &__malloc_hook
+print __malloc_hook
+print &__malloc_hook
+print __main_arena
+print main_arena
+print main_arena 
+x __malloc_hook
+x &__malloc_hook
+db &__malloc_hook
+db &__malloc_hook-100 100
+db &__malloc_hook-100 100*8
+db &__malloc_hook-100 (100*8)+1
+fastbins
+c
+print main_arena
+x __malloc_hook
+x &__malloc_hook
+db &__malloc_hook-100 (100*8)+1
+c
+db &__malloc_hook-100 (100*8)+1
+print main_arena
+x 0x7f5b07a18b40
+break malloc
+c
+c
+c
+q
+break __libc_malloc 
+break malloc
+break __malloc_hook
+b __malloc_hook 
+b &__malloc_hook 
+b *__malloc_hook 
+b *&__malloc_hook 
+c
+delete 3
+c
+pwndbg heap
+vis_heap_chunks 
+print __mallinfo
+x __mallinfo
+print  &__mallinfo
+print  *__mallinfo
+print  __mallinfo
+print &__mallinfo
+print main_arena
+c
+break malloc
+c
+x main_arena.top_check
+x main_arena.top_chunk
+print main_arena
+x 0x7f4854db6b40
+x 0x7f4854db6b40
+x 0x7f4854db6b40
+c
+x 0x7f4854db6b40
+fastbins
+c
+x 0x7f4854db6b40
+c
+x 0x7f4854db6b40
+x main_arena
+x &main_arena
+x &__malloc_hook
+x main_arena.top
+db main_arena.top
+c
+c
+c
+q
+print __malloc_hook
+print __malloc_hook 
+fastbins
+c
+fastbins
+c
+vis_heap_chunks 
+c
+fastbins
+r
+c
+fastbins
+print main_arena
+vis_heap
+c
+fastbins
+fastbins
+c
+fastbins
+r
+c
+ quit