avatar
Articles
14
Tags
0
Categories
0
Home
Archives
Link
About
Qanux's space
Search
Home
Archives
Link
About

高版本glibc堆利用笔记

Created2023-11-13|Updated2024-09-15
|Word Count:6|Reading Time:1mins|Post Views:
Author: Qanux
Link: https://qanux.github.io/2023/11/13/%E9%AB%98%E7%89%88%E6%9C%ACglibc%E5%A0%86%E5%88%A9%E7%94%A8%E7%AC%94%E8%AE%B0/
Copyright Notice: All articles in this blog are licensed under CC BY-NC-SA 4.0 unless stating additionally.
Previous
记一道risc-v架构xv6操作系统的堆
avatar
Qanux
I won't pwn.
Articles
14
Tags
0
Categories
0
Follow Me
Announcement
Hello, this is Qanux!
Contents
  1. 1. 部分结构源码
    1. 1.1. _IO_FILE
    2. 1.2. _IO_jump_t
    3. 1.3. struct _IO_wide_data
    4. 1.4. _IO_wfile_jumps
    5. 1.5. _IO_printf_buffer_as_file_jumps
    6. 1.6. _IO_cookie_jumps
  2. 2. Tcache Stashing Unlink Attack
    1. 2.1. poc(how2heap):
  3. 3. fastbin reverse into tcache
    1. 3.1. poc(how2heap):
  4. 4. largebin attack
  5. 5. 利用_IO_2_1_stdout_泄露地址
  6. 6. 通过off_by_null进行unlink
  7. 7. house of botcake
  8. 8. house of kiwi(<= 2.36)
  9. 9. house of cat
  10. 10. house of 秦月汉关
    1. 10.1. 例子
  11. 11. house of apple2
  12. 12. house of husk
  13. 13. house of pig
  14. 14. house of emma
  15. 15. 劫持tls_dtor_list,利用__call_tls_dtors拿到权限
  16. 16. house of apple3 + house of 一骑当千
  17. 17. house of some
  18. 18. house of banana
  19. 19. 通过puts函数来触发IO链
  20. 20. house of some改进版
  21. 21. house of some2
    1. 21.1. 参考文章
Recent Post
UEFI SMM 漏洞挖掘与利用2024-12-14
linux file uaf2024-11-12
一题多解 SCTF 2024 kno_puts revenge2024-10-07
羊城杯 2024 pwn writeup2024-08-28
house of water & TFCCTF 2024 MCGUAVA2024-08-06
©2020 - 2024 By Qanux
Framework Hexo|Theme Butterfly
Search
Loading the Database