Master the fundamental concepts of binary exploitation through this focused micro-challenge.
Heap exploitation targets dynamic memory management bugs rather than stack overflows. Corrupting heap metadata via malloc/free bugs can lead to arbitrary memory writes and code execution.
A glibc heap chunk contains:
size: chunk size including metadata (low 3 bits are flags)fd / bk: forward/backward pointers in free listsKey vulnerability classes:
For example, a double-free of chunk A can cause malloc to return the same address twice, giving two pointers to one allocation.
You will document heap chunk structure, vulnerability types, and modern allocator defenses like safe unlinking and tcache integrity checks. Heap bugs are the dominant vulnerability class in browsers and complex applications today.
Glibc's safe unlinking checks that fd->bk == chunk before removing a free chunk from a doubly linked list. Tcache (per-thread cache) added in glibc 2.26 speeds allocation but introduced new double-free checks. Safe-linking XOR-mangles pointers in recent versions. Despite defenses, heap bugs remain the top vulnerability class in browsers, where attackers combine UAF with JavaScript type confusion for reliable exploitation.
Implement a C program demonstrating heap exploitation concepts.
Requirements:
Success Criteria:
Three hints are available for this task, revealed one at a time inside the code workspace so you can struggle productively before seeing them.
All starter code and reference implementations are available for your local setup.
View on Github