# House of Lore | Small bin Attack
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!
Other ways to support HackTricks:
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF**, check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram**](https://t.me/peass) group, or **follow us** on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
## Basic Information
### Code
* Check the one from [https://ctf-wiki.mahaloz.re/pwn/linux/glibc-heap/house\_of\_lore/](https://ctf-wiki.mahaloz.re/pwn/linux/glibc-heap/house\_of\_lore/)
  * This isn't working
* Or: [https://github.com/shellphish/how2heap/blob/master/glibc\_2.39/house\_of\_lore.c](https://github.com/shellphish/how2heap/blob/master/glibc\_2.39/house\_of\_lore.c)
  * This isn't working even though it tries to bypass some checks; it fails with the error: `malloc(): unaligned tcache chunk detected`
* This example is still working: [https://guyinatuxedo.github.io/40-house\_of\_lore/house\_lore\_exp/index.html](https://guyinatuxedo.github.io/40-house\_of\_lore/house\_lore\_exp/index.html)
### Goal
* Insert a **fake small chunk into the small bin so that it can then be allocated**.\
  Note that the small chunk added is the fake one the attacker creates, not a fake one in an arbitrary position.
### Requirements
* Create 2 fake chunks and link them to each other and to the legit chunk in the small bin:
  * `fake0.bk` -> `fake1`
  * `fake1.fd` -> `fake0`
  * `fake0.fd` -> `legit` (you need to modify a pointer in the freed small bin chunk via some other vulnerability)
  * `legit.bk` -> `fake0`

Then you will be able to allocate `fake0`.
### Attack
* A small chunk (`legit`) is allocated, then another one is allocated to prevent consolidation with the top chunk. Then, `legit` is freed (moving it to the unsorted bin list) and a larger chunk is allocated, **moving `legit` to the small bin.**
* The attacker creates a couple of fake small chunks and sets up the links needed to bypass the sanity checks:
  * `fake0.bk` -> `fake1`
  * `fake1.fd` -> `fake0`
  * `fake0.fd` -> `legit` (you need to modify a pointer in the freed small bin chunk via some other vulnerability)
  * `legit.bk` -> `fake0`
* A small chunk is allocated to get `legit`, putting **`fake0`** at the top of the small bin list
* Another small chunk is allocated, returning `fake0` as a chunk, which potentially allows reading/writing pointers inside it.
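
The four links listed under Requirements and Attack exist to satisfy one integrity check in the allocator. The following is an added illustration, not code from this page or from glibc: a pointer-only model of that check (glibc's `bck->fd != victim` test on small bin removal) showing at which removal the check fires when a link is missing. The names `smallbin_take` and `removals_before_detection` are hypothetical, and the tcache handling of newer glibc versions is not modelled.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model (assumption): a free chunk reduced to its two list pointers. */
struct chunk { struct chunk *fd, *bk; };

enum take_status { TAKE_OK, TAKE_EMPTY, TAKE_CORRUPT };

/* Mirrors the small-bin removal step of glibc's _int_malloc: take the chunk
 * at bin->bk, require that its bk neighbour points back to it, then unlink.
 * TAKE_CORRUPT is where glibc aborts with
 * "malloc(): smallbin double linked list corrupted". */
static enum take_status smallbin_take(struct chunk *bin, struct chunk **out)
{
    struct chunk *victim = bin->bk;
    if (victim == bin)
        return TAKE_EMPTY;
    struct chunk *bck = victim->bk;
    if (bck->fd != victim)
        return TAKE_CORRUPT;
    bin->bk = bck;
    bck->fd = bin;
    *out = victim;
    return TAKE_OK;
}

/* Builds bin <-> legit, sets legit.bk = fake0 and fake0.bk = fake1, and
 * optionally the two back links from the page. Returns how many of two
 * consecutive removals succeed before the check fires (0, 1 or 2). */
int removals_before_detection(int fake0_fd_to_legit, int fake1_fd_to_fake0)
{
    struct chunk bin, legit, fake0 = {NULL, NULL}, fake1 = {NULL, NULL};
    struct chunk *got = NULL;
    bin.fd = bin.bk = &legit;
    legit.fd = legit.bk = &bin;   /* intact state: one chunk in the bin */
    legit.bk = &fake0;            /* the pointer changed through the other bug */
    fake0.bk = &fake1;
    if (fake0_fd_to_legit) fake0.fd = &legit;
    if (fake1_fd_to_fake0) fake1.fd = &fake0;
    if (smallbin_take(&bin, &got) != TAKE_OK || got != &legit) return 0;
    if (smallbin_take(&bin, &got) != TAKE_OK || got != &fake0) return 1;
    return 2;
}

int main(void)
{
    printf("no back links:  %d\n", removals_before_detection(0, 0));
    printf("only fake0.fd:  %d\n", removals_before_detection(1, 0));
    printf("all four links: %d\n", removals_before_detection(1, 1));
    return 0;
}
```

The check only validates one hop behind the chunk being removed, which is why a changed `legit.bk` alone is caught on the first removal while a fully back-linked pair of fake chunks is not.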
## References
* [https://ctf-wiki.mahaloz.re/pwn/linux/glibc-heap/house\_of\_lore/](https://ctf-wiki.mahaloz.re/pwn/linux/glibc-heap/house\_of\_lore/)
* [https://heap-exploitation.dhavalkapil.com/attacks/house\_of\_lore](https://heap-exploitation.dhavalkapil.com/attacks/house\_of\_lore)
* [https://guyinatuxedo.github.io/40-house\_of\_lore/house\_lore\_exp/index.html](https://guyinatuxedo.github.io/40-house\_of\_lore/house\_lore\_exp/index.html)