Race Condition Exploitation

The goals of this assignment are to:

  1. Analyze the source code of a program containing a race condition vulnerability
  2. Discover a sequence of inputs leading to spatial memory corruption
  3. Exploit the program to capture a secret flag

chall03

A variant of the list store analyzed in class is located in /home/chall03:

# ll /home/chall03
total 6448
-rwxr-sr-x. 1 root chall03 6590384 Feb 28 15:20 chall03
-rw-r--r--. 1 root root       6369 Feb 28 15:21 chall03.cpp
-r--r-----. 1 root chall03      42 Feb 28 15:26 flag

This program has NX enabled, but ASLR is disabled.

The binary is setgid chall03 (the `s` in its group permission bits above), and the flag is readable only by that group. Use the techniques presented in class to execute a shell with the group privileges of chall03, then use that shell to read the contents of the flag.

Submission Instructions

Package your solution as a gzipped TAR archive. Include the source code for your attack as well as a README describing your solution, how to run it, and the contents of the flag.