ELF x64 - Logic bug
Hi,
This is more a summary of what I (unsuccessfully) tried to do than a question, so I hope I don’t spoil:
As suggested in the attached document "Glibc the forgotten chunks", I am trying to do a heap overflow. In the "display_shifted_file_content" function, I try to overwrite the beginning of the "filename_alloc" chunk by overfilling the "buf" chunk.
But I don’t succeed in overfilling it.
On the other hand, the second attached document suggests that fgets is a vulnerable function (it is the only function present in this doc and in the challenge code). I don’t see why such a function could help me overfill anything...
Am I looking in completely wrong directions?
Regards.
ELF x64 - Logic bug
Let me just say that my solution to the challenge is completely different (with respect to your 2 proposed paths). But this challenge has many possible paths to the solution (exploiting different bugs). Big kudos to sbrk for this challenge.
ELF x64 - Logic bug
@nonstandardmodel: Thanks for your small hint.
I recently came back to this nice challenge and I found a couple of vulnerabilities in the binary. I have a question about one direction I’m currently looking at (again I hope I don’t spoil):
I can take control of the instruction pointer, but it does not help me much as the code section is randomized (it seems that I can’t do more than jump to some return addresses that were previously stored on the stack) and I don’t succeed in bypassing this randomization: I don’t control the stack. Do all known solutions include controlling the stack at some point (like most "system" challenges up to this level)?
Best.
EDIT: I found another path to the password. Thanks sbrk for this rich binary.