Simple PWN - 0x17(UAF - leak information)

Posted on 2023-01-24 | Post modified | In Security Course｜NTU CS｜PWN - 2022 |

Simple PWN - 0x17(UAF - leak information)

tags: `CTF` `PWN` `eductf`

Version: Ubuntu 20.04

UAF backgroud

Original Code

#include <stdio.h>
#include <stdlib.h>

int main()
{
    void *p1, *p2;
    p1 = malloc(0x30);
    p2 = malloc(0x30);

    free(p1);
    free(p2);

    puts(p2);
}

If we set the pointer to NULL after it was freed, then we can get some vital info. from this chunk.

Analyze

After malloc all pointer
After free p1
After free p2, the data section will transfer to store metadata, and fd store the address of p1 header
Thus, we print out the value of p2, we will leak something if it wasn’t set NULL after it was freed

Post author: SBK6401
Post link: https://bernie6401.github.io/Simple-PWN-0x17(UAF-leak-information)/
Copyright Notice: All articles in this blog are licensed under CC BY-NC-SA 4.0 unless stating additionally.