GitHub - stong/how-to-exploit-a-double-free: How to exploit a double free vulnerability in 2021. Use After Free for Dummies
This bug doesn’t exist on x86: Exploiting an ARM-only race condition
How to exploit a double free and get a shell. "Use-After-Free for dummies"

In this article, I'll teach you about real-world, modern binary exploitation, and a little about processor microarchitecture as well.
My CTF team, perfect blue, just concluded hosting our annual CTF, pbctf. One challenge I contributed was centered around a race condition vulnerability that only existed on ARM. In this article I'll explain the bug, why it doesn't happen on x86 processors, and finally how it can be exploited to land a shell.
This article is quite long, so I've added bookmarks. It consists of three main sections:
- Walkthrough of the binary, and a peek into the mindset of a vulnerability researcher.
- Memory ordering, lock-free programming, and how this can lead to sneaky bugs.
- Exploiting an object lifetime heap corruption bug. How to get arbitrary read and write, and finally a shell.