6.1.35 pwn 0CTF2018 heapstorm2

• 题目复现

• 题目解析

• 漏洞利用

• 参考资料

下载文件

题目复现

$ file heapstorm2 
heapstorm2: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=875a94fee796b76933b4142702569c3f57adadc9, stripped
$ pwn checksec --file heapstorm2 
[*] '/home/firmy/Desktop/heapstorm2/heapstorm2'
    Arch:     amd64-64-little
    RELRO:    Full RELRO
    Stack:    Canary found
    NX:       NX enabled
    PIE:      PIE enabled
$ strings libc-2.24.so | grep "GNU C"
GNU C Library (Debian GLIBC 2.24-11+deb9u3) stable release version 2.24, by Roland McGrath et al.
Compiled by GNU CC version 6.3.0 20170516.

题目解析

漏洞利用

参考资料

• https://ctftime.org/task/5701

• https://dangokyo.me/2018/04/07/0ctf-2018-pwn-heapstorm2-write-up/