pwncollege_Dynamic Allocator Exploitation

Description

The glibc heap consists of many distinct components that balance performance and security. Beyond tcache exists a memory management system consisting of many interrelated bins and components. This module explores these components and the interactions between them. By applying advanced heap exploits that “shape” the internal state of the heap, exploitation primitives can be created. Heap exploits are complex and ephemeral, frequently changing with libc versions. For this reason, success in the module relies on parsing heap exploit proofs of concept to craft an exploit.


Introduction