LinKern x64 - SLUB off-by-one

115 Points

Exploit an off-by-one on this vulnerable module

Author

Tosh, 9 May 2019

Level

Validations

5 Challengers 1%

Note

3 Votes

To reach this part of the site please login

Solution

Submit a solution

Challenge Results

Pseudo	Challenge	Lang	date
pickle	LinKern x64 - SLUB off-by-one		19 May 2019 at 04:56
kikko	LinKern x64 - SLUB off-by-one		17 May 2019 at 21:53
LevitatingLion	LinKern x64 - SLUB off-by-one		16 May 2019 at 20:32
franb	LinKern x64 - SLUB off-by-one		15 May 2019 at 19:10
kowu	LinKern x64 - SLUB off-by-one		15 May 2019 at 04:23

68 Challenges

Results	Challenge's Name	Validations	Number of points	Difficulty	Author	Note	Solution
	ELF x86 - Stack buffer overflow basic 1	9% 10675	5		Lyes		11
	ELF x86 - Stack buffer overflow basic 2	7% 8037	10		Lyes		10
	ELF x86 - Format string bug basic 1	5% 5341	15		Lu33Y		5
	ELF x64 - Stack buffer overflow - basic	3% 3864	20		Arod		5
	ELF x86 - Format string bug basic 2	2% 2618	20		Lyes		5
	ELF x86 - Race condition	3% 3595	20		Lu33Y		8
	ELF ARM - Stack buffer overflow - basic	1% 595	25		pickle		7
	ELF MIPS - Stack buffer overflow - No NX	1% 128	25		franb		2
	ELF x86 - Stack buffer overflow basic 3	2% 2568	25		Lyes		2
	ELF ARM - Stack Spraying	1% 119	30		pickle		4
	ELF x86 - BSS buffer overflow	3% 2871	30		Lu33Y		6
	ELF x86 - Stack buffer overflow basic 4	2% 1898	30		Lu33Y		5
	ELF x86 - Stack buffer overflow basic 6	2% 1504	30		TiWim		4
	ELF x86 - Format String Bug Basic 3	1% 711	35		Lyes		2
	ELF ARM - Basic ROP	1% 277	40		pickle		4
	ELF MIPS - Basic ROP	1% 45	40		dagger		1
	ELF x86 - Stack buffer overflow - C++ vtables	1% 503	40		sebbb		2
	ELF x64 - Logic bug	1% 95	50		sbrk		2
	ELF x86 - Bug Hunting - Several issues	1% 49	50		sbrk		0
	ELF x86 - Stack buffer and integer overflow	2% 1398	50		Lu33Y		3
	ELF x86 - Stack buffer overflow - ret2dl_resolve	1% 47	50		kikko		0
	ELF x86 - Stack buffer overflow basic 5	1% 1288	50		Lu33Y		1
	ELF x64 - Stack buffer overflow - advanced	1% 692	55		Arod		3
	ELF MIPS - Format String Glitch	1% 21	60		pickle, martin		0
	ELF x86 - Information leakage with Stack Smashing Protector	1% 519	60		Arod		2
	ELF ARM - Race condition	1% 70	70		pickle		1
	ELF x64 - Browser exploit - Intro	1% 28	70		pickle		1
	ELF x86 - Out of bounds attack - French Paradox	1% 62	70		sbrk		2
	ELF x86 - Remote BSS buffer overflow	1% 615	75		Tosh		1
	ELF x86 - Remote Format String bug	1% 753	75		Tosh		2
	ELF x64 - Remote heap buffer overflow - fastbin	1% 158	80		franb		1
	ELF x86 - Blind remote format string bug	1% 197	80		Lyes		1
	LinKern ARM - vulnerable syscall	1% 62	85		pickle		0
	LinKern x86 - Buffer overflow basic 1	1% 259	85		franb		2
	LinKern x86 - Null pointer dereference	1% 271	90		franb		0
	LinKern x64 - Race condition	1% 175	95		franb		0
	ELF ARM - Alphanumeric shellcode	1% 21	100		pickle		2
	ELF MIPS - URLEncoded Format String bug	1% 8	100		pickle		0
	ELF x86 - Hardened binary 1	1% 480	100		sm0k		3
	ELF x86 - Hardened binary 2	1% 384	100		sm0k		3
	ELF x86 - Hardened binary 3	1% 243	100		sm0k		1
	ELF x86 - Hardened binary 4	1% 273	100		sm0k		2
	LinKern MIPSel - Vulnerable ioctl	1% 14	100		pickle		0
	LinKern x64 - reentrant code	1% 92	100		franb		1
	ELF ARM - Heap format string bug	1% 39	105		franb		0
	ELF x64 - Sigreturn Oriented Programming	1% 163	105		Arod		2
	ELF ARM - Format String bug	1% 44	110		pickle		0
	ELF ARM - Use After Free	1% 44	110		pickle		0
	ELF x64 - Heap feng-shui	1% 34	110		laxa		2
	ELF x64 - Off-by-one bug	1% 81	110		NeedToLearn		2
	ELF x86 - Hardened binary 5	1% 201	110		sm0k		1
	LinKern ARM - Stack Overflow	1% 24	110		pickle		0
	LinKern x86 - basic ROP	1% 137	110		franb		1
	ELF ARM - Heap Off-by-One	1% 30	115		pickle		1
	ELF x64 - Remote Heap buffer overflow 1	1% 98	115		Tosh		3
	ELF x86 - Hardened binary 6	1% 192	115		sm0k		3
	ELF x86 - Hardened binary 7	1% 155	115		Tosh		2
	ELF x86 - Remote stack buffer overflow - Hardened	1% 83	115		franb		1
	LinKern x64 - RowHammer	1% 20	115		pickle		0
	LinKern x64 - SLUB off-by-one	1% 5	115		Tosh		0
	ELF ARM - Heap buffer overflow - Wilderness	1% 19	120		pickle		1
	ELF ARM - Heap Overflow	1% 22	120		pickle		0
	ELF x64 - Seccomp Whitelist	1% 30	120		pickle		0
	ELF x86 - Blind ROP	1% 58	120		franb		0
	Linkern x64 - Memory exploration	1% 60	120		franb		1
	ELF x64 - Remote Heap buffer overflow 2	1% 72	130		Tosh, Fritz		1
	ELF x64 - Blind ROP	1% 35	135		franb		1
	ELF x64 - Browser exploit - BitString	1% 12	135		pickle		0