From 3e3bcfd4441e85249c1025386d1d1a3c2fd1ab5f Mon Sep 17 00:00:00 2001 
From: CPol Date: Sun, 16 Jun 2024 08:49:18 +0000 Subject: [PATCH] GITBOOK-4363: No subject --- SUMMARY.md | 50 +++++++++---------- .../aw2exec-__malloc_hook.md | 4 +- .../{heap => libc-heap}/README.md | 0 .../bins-and-memory-allocations.md | 0 .../{heap => libc-heap}/double-free.md | 0 .../{heap => libc-heap}/fast-bin-attack.md | 0 .../heap-memory-functions/README.md | 0 .../heap-memory-functions/free.md | 0 .../heap-functions-security-checks.md | 0 .../malloc-and-sysmalloc.md | 0 .../heap-memory-functions/unlink.md | 0 .../{heap => libc-heap}/heap-overflow.md | 0 .../{heap => libc-heap}/house-of-einherjar.md | 0 .../{heap => libc-heap}/house-of-force.md | 0 .../{heap => libc-heap}/house-of-lore.md | 0 .../{heap => libc-heap}/house-of-orange.md | 0 .../{heap => libc-heap}/house-of-rabbit.md | 0 .../{heap => libc-heap}/house-of-roman.md | 0 .../{heap => libc-heap}/house-of-spirit.md | 0 .../{heap => libc-heap}/large-bin-attack.md | 0 .../off-by-one-overflow.md | 0 .../overwriting-a-freed-chunk.md | 0 .../{heap => libc-heap}/tcache-bin-attack.md | 0 .../{heap => libc-heap}/unlink-attack.md | 0 .../unsorted-bin-attack.md | 0 .../use-after-free/README.md | 0 .../use-after-free/first-fit.md | 0 binary-exploitation/stack-overflow/README.md | 4 +- 28 files changed, 29 insertions(+), 29 deletions(-) rename binary-exploitation/{heap => libc-heap}/README.md (100%) rename binary-exploitation/{heap => libc-heap}/bins-and-memory-allocations.md (100%) rename binary-exploitation/{heap => libc-heap}/double-free.md (100%) rename binary-exploitation/{heap => libc-heap}/fast-bin-attack.md (100%) rename binary-exploitation/{heap => libc-heap}/heap-memory-functions/README.md (100%) rename binary-exploitation/{heap => libc-heap}/heap-memory-functions/free.md (100%) rename binary-exploitation/{heap => libc-heap}/heap-memory-functions/heap-functions-security-checks.md (100%) rename binary-exploitation/{heap => libc-heap}/heap-memory-functions/malloc-and-sysmalloc.md (100%) rename 
binary-exploitation/{heap => libc-heap}/heap-memory-functions/unlink.md (100%) rename binary-exploitation/{heap => libc-heap}/heap-overflow.md (100%) rename binary-exploitation/{heap => libc-heap}/house-of-einherjar.md (100%) rename binary-exploitation/{heap => libc-heap}/house-of-force.md (100%) rename binary-exploitation/{heap => libc-heap}/house-of-lore.md (100%) rename binary-exploitation/{heap => libc-heap}/house-of-orange.md (100%) rename binary-exploitation/{heap => libc-heap}/house-of-rabbit.md (100%) rename binary-exploitation/{heap => libc-heap}/house-of-roman.md (100%) rename binary-exploitation/{heap => libc-heap}/house-of-spirit.md (100%) rename binary-exploitation/{heap => libc-heap}/large-bin-attack.md (100%) rename binary-exploitation/{heap => libc-heap}/off-by-one-overflow.md (100%) rename binary-exploitation/{heap => libc-heap}/overwriting-a-freed-chunk.md (100%) rename binary-exploitation/{heap => libc-heap}/tcache-bin-attack.md (100%) rename binary-exploitation/{heap => libc-heap}/unlink-attack.md (100%) rename binary-exploitation/{heap => libc-heap}/unsorted-bin-attack.md (100%) rename binary-exploitation/{heap => libc-heap}/use-after-free/README.md (100%) rename binary-exploitation/{heap => libc-heap}/use-after-free/first-fit.md (100%) diff --git a/SUMMARY.md b/SUMMARY.md index f611535b2..10fb234e7 100644 --- a/SUMMARY.md +++ b/SUMMARY.md 
@@ -722,31 +722,31 @@ * [Format Strings](binary-exploitation/format-strings/README.md) * [Format Strings - Arbitrary Read Example](binary-exploitation/format-strings/format-strings-arbitrary-read-example.md) * [Format Strings Template](binary-exploitation/format-strings/format-strings-template.md) -* [Heap](binary-exploitation/heap/README.md) - * [Bins & Memory Allocations](binary-exploitation/heap/bins-and-memory-allocations.md) - * [Heap Memory Functions](binary-exploitation/heap/heap-memory-functions/README.md) - * [free](binary-exploitation/heap/heap-memory-functions/free.md) - * [malloc & sysmalloc](binary-exploitation/heap/heap-memory-functions/malloc-and-sysmalloc.md) - * [unlink](binary-exploitation/heap/heap-memory-functions/unlink.md) - * [Heap Functions Security Checks](binary-exploitation/heap/heap-memory-functions/heap-functions-security-checks.md) - * [Use After Free](binary-exploitation/heap/use-after-free/README.md) - * [First Fit](binary-exploitation/heap/use-after-free/first-fit.md) - * [Double Free](binary-exploitation/heap/double-free.md) - * [Overwriting a freed chunk](binary-exploitation/heap/overwriting-a-freed-chunk.md) - * [Heap Overflow](binary-exploitation/heap/heap-overflow.md) - * [Unlink Attack](binary-exploitation/heap/unlink-attack.md) - * [Fast Bin Attack](binary-exploitation/heap/fast-bin-attack.md) - * [Unsorted Bin Attack](binary-exploitation/heap/unsorted-bin-attack.md) - * [Large Bin Attack](binary-exploitation/heap/large-bin-attack.md) - * [Tcache Bin Attack](binary-exploitation/heap/tcache-bin-attack.md) - * [Off by one overflow](binary-exploitation/heap/off-by-one-overflow.md) - * [House of Spirit](binary-exploitation/heap/house-of-spirit.md) - * [House of Lore | Small bin Attack](binary-exploitation/heap/house-of-lore.md) - * [House of Einherjar](binary-exploitation/heap/house-of-einherjar.md) - * [House of Force](binary-exploitation/heap/house-of-force.md) - * [House of Orange](binary-exploitation/heap/house-of-orange.md) 
- * [House of Rabbit](binary-exploitation/heap/house-of-rabbit.md) - * [House of Roman](binary-exploitation/heap/house-of-roman.md) +* [Libc Heap](binary-exploitation/libc-heap/README.md) + * [Bins & Memory Allocations](binary-exploitation/libc-heap/bins-and-memory-allocations.md) + * [Heap Memory Functions](binary-exploitation/libc-heap/heap-memory-functions/README.md) + * [free](binary-exploitation/libc-heap/heap-memory-functions/free.md) + * [malloc & sysmalloc](binary-exploitation/libc-heap/heap-memory-functions/malloc-and-sysmalloc.md) + * [unlink](binary-exploitation/libc-heap/heap-memory-functions/unlink.md) + * [Heap Functions Security Checks](binary-exploitation/libc-heap/heap-memory-functions/heap-functions-security-checks.md) + * [Use After Free](binary-exploitation/libc-heap/use-after-free/README.md) + * [First Fit](binary-exploitation/libc-heap/use-after-free/first-fit.md) + * [Double Free](binary-exploitation/libc-heap/double-free.md) + * [Overwriting a freed chunk](binary-exploitation/libc-heap/overwriting-a-freed-chunk.md) + * [Heap Overflow](binary-exploitation/libc-heap/heap-overflow.md) + * [Unlink Attack](binary-exploitation/libc-heap/unlink-attack.md) + * [Fast Bin Attack](binary-exploitation/libc-heap/fast-bin-attack.md) + * [Unsorted Bin Attack](binary-exploitation/libc-heap/unsorted-bin-attack.md) + * [Large Bin Attack](binary-exploitation/libc-heap/large-bin-attack.md) + * [Tcache Bin Attack](binary-exploitation/libc-heap/tcache-bin-attack.md) + * [Off by one overflow](binary-exploitation/libc-heap/off-by-one-overflow.md) + * [House of Spirit](binary-exploitation/libc-heap/house-of-spirit.md) + * [House of Lore | Small bin Attack](binary-exploitation/libc-heap/house-of-lore.md) + * [House of Einherjar](binary-exploitation/libc-heap/house-of-einherjar.md) + * [House of Force](binary-exploitation/libc-heap/house-of-force.md) + * [House of Orange](binary-exploitation/libc-heap/house-of-orange.md) + * [House of 
Rabbit](binary-exploitation/libc-heap/house-of-rabbit.md) + * [House of Roman](binary-exploitation/libc-heap/house-of-roman.md) * [Common Binary Exploitation Protections & Bypasses](binary-exploitation/common-binary-protections-and-bypasses/README.md) * [ASLR](binary-exploitation/common-binary-protections-and-bypasses/aslr/README.md) * [Ret2plt](binary-exploitation/common-binary-protections-and-bypasses/aslr/ret2plt.md) diff --git a/binary-exploitation/arbitrary-write-2-exec/aw2exec-__malloc_hook.md b/binary-exploitation/arbitrary-write-2-exec/aw2exec-__malloc_hook.md index 9f2d76960..17580e31c 100644 --- a/binary-exploitation/arbitrary-write-2-exec/aw2exec-__malloc_hook.md +++ b/binary-exploitation/arbitrary-write-2-exec/aw2exec-__malloc_hook.md @@ -34,8 +34,8 @@ Note that hooks are **disabled for GLIBC >= 2.34**. There are other techniques t This was abused in one of the example from the page abusing a fast bin attack after having abused an unsorted bin attack: -{% content-ref url="../heap/unsorted-bin-attack.md" %} -[unsorted-bin-attack.md](../heap/unsorted-bin-attack.md) +{% content-ref url="../libc-heap/unsorted-bin-attack.md" %} +[unsorted-bin-attack.md](../libc-heap/unsorted-bin-attack.md) {% endcontent-ref %} A nice trick (from [**here**](https://guyinatuxedo.github.io/41-house\_of\_force/bkp16\_cookbook/index.html)) to find the location of the free hook if the binary has symbols is to **do something like**: diff --git a/binary-exploitation/heap/README.md b/binary-exploitation/libc-heap/README.md similarity index 100% rename from binary-exploitation/heap/README.md rename to binary-exploitation/libc-heap/README.md diff --git a/binary-exploitation/heap/bins-and-memory-allocations.md b/binary-exploitation/libc-heap/bins-and-memory-allocations.md similarity index 100% rename from binary-exploitation/heap/bins-and-memory-allocations.md rename to binary-exploitation/libc-heap/bins-and-memory-allocations.md 
diff --git a/binary-exploitation/heap/double-free.md b/binary-exploitation/libc-heap/double-free.md similarity index 100% rename from binary-exploitation/heap/double-free.md rename to binary-exploitation/libc-heap/double-free.md diff --git a/binary-exploitation/heap/fast-bin-attack.md b/binary-exploitation/libc-heap/fast-bin-attack.md similarity index 100% rename from binary-exploitation/heap/fast-bin-attack.md rename to binary-exploitation/libc-heap/fast-bin-attack.md diff --git a/binary-exploitation/heap/heap-memory-functions/README.md b/binary-exploitation/libc-heap/heap-memory-functions/README.md similarity index 100% rename from binary-exploitation/heap/heap-memory-functions/README.md rename to binary-exploitation/libc-heap/heap-memory-functions/README.md diff --git a/binary-exploitation/heap/heap-memory-functions/free.md b/binary-exploitation/libc-heap/heap-memory-functions/free.md similarity index 100% rename from binary-exploitation/heap/heap-memory-functions/free.md rename to binary-exploitation/libc-heap/heap-memory-functions/free.md diff --git a/binary-exploitation/heap/heap-memory-functions/heap-functions-security-checks.md b/binary-exploitation/libc-heap/heap-memory-functions/heap-functions-security-checks.md similarity index 100% rename from binary-exploitation/heap/heap-memory-functions/heap-functions-security-checks.md rename to binary-exploitation/libc-heap/heap-memory-functions/heap-functions-security-checks.md diff --git a/binary-exploitation/heap/heap-memory-functions/malloc-and-sysmalloc.md b/binary-exploitation/libc-heap/heap-memory-functions/malloc-and-sysmalloc.md similarity index 100% rename from binary-exploitation/heap/heap-memory-functions/malloc-and-sysmalloc.md rename to binary-exploitation/libc-heap/heap-memory-functions/malloc-and-sysmalloc.md 
diff --git a/binary-exploitation/heap/heap-memory-functions/unlink.md b/binary-exploitation/libc-heap/heap-memory-functions/unlink.md similarity index 100% rename from binary-exploitation/heap/heap-memory-functions/unlink.md rename to binary-exploitation/libc-heap/heap-memory-functions/unlink.md diff --git a/binary-exploitation/heap/heap-overflow.md b/binary-exploitation/libc-heap/heap-overflow.md similarity index 100% rename from binary-exploitation/heap/heap-overflow.md rename to binary-exploitation/libc-heap/heap-overflow.md diff --git a/binary-exploitation/heap/house-of-einherjar.md b/binary-exploitation/libc-heap/house-of-einherjar.md similarity index 100% rename from binary-exploitation/heap/house-of-einherjar.md rename to binary-exploitation/libc-heap/house-of-einherjar.md diff --git a/binary-exploitation/heap/house-of-force.md b/binary-exploitation/libc-heap/house-of-force.md similarity index 100% rename from binary-exploitation/heap/house-of-force.md rename to binary-exploitation/libc-heap/house-of-force.md diff --git a/binary-exploitation/heap/house-of-lore.md b/binary-exploitation/libc-heap/house-of-lore.md similarity index 100% rename from binary-exploitation/heap/house-of-lore.md rename to binary-exploitation/libc-heap/house-of-lore.md diff --git a/binary-exploitation/heap/house-of-orange.md b/binary-exploitation/libc-heap/house-of-orange.md similarity index 100% rename from binary-exploitation/heap/house-of-orange.md rename to binary-exploitation/libc-heap/house-of-orange.md diff --git a/binary-exploitation/heap/house-of-rabbit.md b/binary-exploitation/libc-heap/house-of-rabbit.md similarity index 100% rename from binary-exploitation/heap/house-of-rabbit.md rename to binary-exploitation/libc-heap/house-of-rabbit.md diff --git a/binary-exploitation/heap/house-of-roman.md b/binary-exploitation/libc-heap/house-of-roman.md similarity index 100% rename from binary-exploitation/heap/house-of-roman.md rename to binary-exploitation/libc-heap/house-of-roman.md 
diff --git a/binary-exploitation/heap/house-of-spirit.md b/binary-exploitation/libc-heap/house-of-spirit.md similarity index 100% rename from binary-exploitation/heap/house-of-spirit.md rename to binary-exploitation/libc-heap/house-of-spirit.md diff --git a/binary-exploitation/heap/large-bin-attack.md b/binary-exploitation/libc-heap/large-bin-attack.md similarity index 100% rename from binary-exploitation/heap/large-bin-attack.md rename to binary-exploitation/libc-heap/large-bin-attack.md diff --git a/binary-exploitation/heap/off-by-one-overflow.md b/binary-exploitation/libc-heap/off-by-one-overflow.md similarity index 100% rename from binary-exploitation/heap/off-by-one-overflow.md rename to binary-exploitation/libc-heap/off-by-one-overflow.md diff --git a/binary-exploitation/heap/overwriting-a-freed-chunk.md b/binary-exploitation/libc-heap/overwriting-a-freed-chunk.md similarity index 100% rename from binary-exploitation/heap/overwriting-a-freed-chunk.md rename to binary-exploitation/libc-heap/overwriting-a-freed-chunk.md diff --git a/binary-exploitation/heap/tcache-bin-attack.md b/binary-exploitation/libc-heap/tcache-bin-attack.md similarity index 100% rename from binary-exploitation/heap/tcache-bin-attack.md rename to binary-exploitation/libc-heap/tcache-bin-attack.md diff --git a/binary-exploitation/heap/unlink-attack.md b/binary-exploitation/libc-heap/unlink-attack.md similarity index 100% rename from binary-exploitation/heap/unlink-attack.md rename to binary-exploitation/libc-heap/unlink-attack.md diff --git a/binary-exploitation/heap/unsorted-bin-attack.md b/binary-exploitation/libc-heap/unsorted-bin-attack.md similarity index 100% rename from binary-exploitation/heap/unsorted-bin-attack.md rename to binary-exploitation/libc-heap/unsorted-bin-attack.md 
diff --git a/binary-exploitation/heap/use-after-free/README.md b/binary-exploitation/libc-heap/use-after-free/README.md similarity index 100% rename from binary-exploitation/heap/use-after-free/README.md rename to binary-exploitation/libc-heap/use-after-free/README.md diff --git a/binary-exploitation/heap/use-after-free/first-fit.md b/binary-exploitation/libc-heap/use-after-free/first-fit.md similarity index 100% rename from binary-exploitation/heap/use-after-free/first-fit.md rename to binary-exploitation/libc-heap/use-after-free/first-fit.md diff --git a/binary-exploitation/stack-overflow/README.md b/binary-exploitation/stack-overflow/README.md index cf9e5fd8a..339930f40 100644 --- a/binary-exploitation/stack-overflow/README.md +++ b/binary-exploitation/stack-overflow/README.md @@ -101,8 +101,8 @@ This technique is the fundamental framework to bypass the main protection to the An overflow is not always going to be in the stack, it could also be in the **heap** for example: -{% content-ref url="../heap/heap-overflow.md" %} -[heap-overflow.md](../heap/heap-overflow.md) +{% content-ref url="../libc-heap/heap-overflow.md" %} +[heap-overflow.md](../libc-heap/heap-overflow.md) {% endcontent-ref %} ## Types of protections
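Review bot: The rename from `binary-exploitation/heap/` to `binary-exploitation/libc-heap/` is followed through in only three files (SUMMARY.md, aw2exec-__malloc_hook.md and stack-overflow/README.md). The diffstat shows every other entry as a 100% rename with no content edits. Before merging, search the rest of the repository for remaining `heap/` link targets. In each `content-ref` block, both the `url=` attribute and the Markdown link inside it must change together, as the two edited blocks here show. Also decide whether the previously published `heap/` page URLs need a redirect, since nothing in this patch adds one.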
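Review bot: The subject line `GITBOOK-4363: No subject` gives no reason for moving 25 pages or for retitling the SUMMARY.md entry from `Heap` to `Libc Heap`. Replace it with a subject that names the rename and states why it was made, so this 28-file change can be found and understood from the history alone.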