C++ Exploitation


aturt13 Dojo.

What if there were a programming language that allowed you to blow your whole leg off...



Challenges

Heap exploitation is hard. There's safe-linking, metadata-corruption detection in the allocator, FILE_plus has vtable validation... If only there were a data structure that contained a pointer and a length, and whose corruption would allow arbitrary read and write!

They promised that C++ would be safe... They lied.

Connect with SSH

Link your SSH key, then connect with: ssh [email protected]

How simple it was to manipulate vtable and _wide_data in FILE_plus! As if libc developers wanted us to exploit programs this way. How nice of them. But what if FILE_struct_plus were not the only structure that makes use of vtables, i.e. tables of function pointers?

Leverage a vtable exploit to get a root shell.

By the way, I felt a bit paranoid, so I added some extra hardening when building the binary:

g++ -Wl,-z,relro,-z,now -fstack-protector -fcf-protection=full -o main main.cpp

Connect with SSH

Link your SSH key, then connect with: ssh [email protected]
