vptr Overwrite

The goals of this assignment are to:

  1. Analyze the source code of a program containing a dangling pointer vulnerability
  2. Discover a sequence of inputs leading to a vptr overwrite exploit
  3. Exploit the program to capture a secret flag

chall02

A variant of the key-value store analyzed in class is located in /home/chall02:

# ll /home/chall02
total 6516
-rwxr-sr-x. 1 root    chall02 6668112 Feb  9 18:04 chall02
-r--r-----. 1 chall02 chall02      68 Feb  9 18:13 flag

This program has NX enabled, but ASLR is disabled.

Use the techniques presented in class to execute a shell with the group privileges of chall02 (the binary is setgid chall02, and the flag is readable only by that group, as the listing above shows). With that shell, capture the contents of the flag.

Extra Credit: Develop an exploit that bypasses ASLR.

Submission Instructions

Package your solution as a gzipped TAR archive. Include the source code for your attack as well as a README describing your solution, how to run it, and the contents of the flag.


© 2024 wkr