how to create a multi vulnerable code with info leaks in windows 10?

hshshsm33122 (1)
I am trying to create a poc in order to achieve the following vulnerabilty bug class in my code for my research porpuses based on the top 25 from cwe I got the following list from the most insecure code bug class, how can I implement an Out-of-bounds Read / Out-of-bounds Write in the shown code in order bypass ASLR security via info leaks?

```
Information leak
Out-of-bounds Read
Use After Free
Integer Overflow or Wraparound
Out-of-bounds Write
Heap overflow
```



> The only way to reliably bypass DEP and ASLR is through an pointer
> leak. This is a situation where a value on the stack, at a reliable
> location, might be used to locate a usable function pointer or ROP
> gadget. Once this is done, it is sometimes possible to create a
> payload that reliably bypasses both protection mechanisms.



1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
 
#include <iostream>
using std::cout;
using std::endl;

class A
{
public:
    void Func() { cout << "the address is: " << this <<endl; }
};

void Test(void)
{
    A *p;

    p->Func();

    {
        A a;
        p = &a; 
        p->Func();
    }

    p->Func();  //dangling pointer
}

int main()
{
    Test(); 
    return 0;
}

Last edited on
dutch (2548)
Glossary:
POC: Proof of Concept

CWE: Common Weakness Enumeration
Top 25 list: https://cwe.mitre.org/top25/archive/2019/2019_cwe_top25.html

ASLR: Address Space Layout Randomization
https://en.wikipedia.org/wiki/Address_space_layout_randomization

DEP: Data Execution Prevention
https://en.wikipedia.org/wiki/Executable_space_protection

ROP: Return-Oriented Programming
https://en.wikipedia.org/wiki/Return-oriented_programming

Last edited on
Topic archived. No new replies allowed.