http://shivasurya.me/tags/use-after-free/Recent content in Use-After-Free on ShivasuryaHugoen-usSat, 06 May 2023 00:00:00 +0000http://shivasurya.me/2023/05/06/exploit-education-heap-two-exercise-writeup/Sat, 06 May 2023 00:00:00 +0000http://shivasurya.me/2023/05/06/exploit-education-heap-two-exercise-writeup/<p>If you haven&rsquo;t set up your lab yet, feel free to check out my previous article on <a href="https://shivasurya.me/security/binary-exploit/reverse-engineering/friday-gems/2023/01/06/exploit-education-lab-setup.html">Exploit.education lab setup</a></p> <p>Previous Writeup:</p> <ol> <li><a href="https://shivasurya.me/security/binary-exploit/reverse-engineering/friday-gems/2023/01/12/exploit-education-stack-zero-exercise-writeup.html">Stack Zero Writeup - Exploit Education Lab Exercise</a></li> <li><a href="https://shivasurya.me/security/binary-exploit/reverse-engineering/friday-gems/2023/01/20/exploit-education-stack-one-exercise-writeup.html">Stack One Writeup - Exploit Education Lab Exercise</a></li> <li><a href="https://shivasurya.me/security/binary-exploit/reverse-engineering/friday-gems/2023/01/26/exploit-education-stack-two-exercise-writeup.html">Stack Two Writeup - Exploit Education Lab Exercise</a></li> <li><a href="https://shivasurya.me/security/binary-exploit/reverse-engineering/friday-gems/2023/01/27/exploit-education-stack-three-exercise-writeup.html">Stack Three Writeup - Exploit Education Lab Exercise</a></li> <li><a href="https://shivasurya.me/security/binary-exploit/reverse-engineering/friday-gems/2023/01/28/exploit-education-stack-four-exercise-writeup.html">Stack Four Writeup - Exploit Education Lab Exercise</a></li> <li><a href="https://shivasurya.me/security/binary-exploit/reverse-engineering/friday-gems/2023/02/04/exploit-education-stack-five-exercise-writeup.html">Stack Five Writeup - Exploit Education Lab Exercise</a></li> <li><a href="https://shivasurya.me/security/binary-exploit/reverse-engineering/friday-gems/2023/02/26/exploit-education-stack-six-exercise-writeup.html">Stack Six Writeup - Exploit Education Lab Exercise</a></li> <li><a href="https://shivasurya.me/security/binary-exploit/reverse-engineering/friday-gems/2023/03/10/exploit-education-format-zero-exercise-writeup.html">Format Zero Writeup - Exploit Education Lab Exercise</a></li> <li><a href="https://shivasurya.me/security/binary-exploit/reverse-engineering/friday-gems/2023/03/31/exploit-education-format-one-exercise-writeup.html">Format One Writeup - Exploit Education Lab Exercise</a></li> <li><a href="https://shivasurya.me/security/binary-exploit/reverse-engineering/friday-gems/2023/04/07/exploit-education-format-two-exercise-writeup.html">Format Two Writeup - Exploit Education Lab Exercise</a></li> <li><a href="https://shivasurya.me/security/binary-exploit/reverse-engineering/friday-gems/2023/04/14/exploit-education-format-three-exercise-writeup.html">Format Three Writeup - Exploit Education Lab Exercise</a></li> <li><a href="https://shivasurya.me/security/binary-exploit/reverse-engineering/friday-gems/2023/04/21/exploit-education-format-four-exercise-writeup.html">Format Four Writeup - Exploit Education Lab Exercise</a></li> <li><a href="https://shivasurya.me/security/binary-exploit/reverse-engineering/friday-gems/2023/04/28/exploit-education-format-heap-exercise-writeup.html">Heap Zero Writeup - Exploit Education Lab Exercise</a></li> <li><a href="https://shivasurya.me/security/binary-exploit/reverse-engineering/friday-gems/2023/05/05/exploit-education-heap-one-exercise-writeup.html">Heap One Writeup - Exploit Education Lab Exercise</a></li> </ol> <h3 id="quick-overview">Quick Overview</h3> <p>Similar to Heap One, Heap Two exercise motive is to leverage buffer overflow and perform UAF (<strong>User-After-Free Vulnerability</strong>) that technically allows to re-use the allocated memory in the heap to control the program flow. Similar to <code>gets</code> in Heap Zero, <code>strdup</code> function is unsafe that doesn&rsquo;t have bounds check, it accepts memory address to copy but doesn&rsquo;t care about overwriting other declared struct variable in the heap region.</p>