c++ executables exploitation support #295

Open
2 tasks
rockrid3r opened this issue Sep 3, 2023 · 2 comments

Comments

rockrid3r commented Sep 3, 2023

C++ executables usually require the libstdc++ shared object file.
Having a version mismatch between libc and libstdc++ will usually cause an error on startup:

$ LD_PRELOAD=./libc.so.6 ./ld-2.35.so ./exe
./libc.so.6: version `GLIBC_2.36' not found (required by /lib/x86_64-linux-gnu/libstdc++.so.6)

While libc usually is provided by chal's author, the libstdc++ usually is not. Using local in-system libstdc++ (in /usr/lib...) often causes version mismatch, which produces the error above. The task is to find the corresponding libstdc++ for given libc and download it.

Right now pwninit does not search for libstdc++ when dealing with C++ chals. Gonna add this feature.

  • Add -cpp flag to mark chal as C++ and not C. So pwninit -cpp should start C++ initialization
  • When -cpp is given, download the corresponding libstdc++ based on the detected ld.so or libc.so.6 version.

The example is roppenheimer chal from recent ductf-2023

rockrid3r commented Sep 3, 2023

The libstdc++ is not synchronously released with each libc.so version (indeed they are provided in different packages). I couldn't find any relation between libstdc++ and libc.so version, so probably it does not matter.

So the goal here is to find the version of libstdc++ such that executable just starts well (without error as above).

The only dependency might be the minimum version of libc. The task is to find such libstdc++ that provided libc.so fits in the minimum range.

From exploitation perspective it does not matter. All haxxxing is done with libc.so. (Please let me know if I'm wrong). libstdc++ is just another shared-object file.

  • During CTF it might be important having the same libstdc++ as on remote. But if this is the case, authors of CTF challenge should provide it.

To sum up:

  • For given libc.so (or ld.so) need to find the version of libstdc++ so that libc.so fits into the minimum required libc version. Info about minimum required libc version is provided in package summary (for example, see Requires[3]). So probably just parsing debian.pkgs.org (or ubuntu) is the only right way to find the corresponding libstdc++.
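
The minimum-libc check described in the comment above, as an added example that is not part of the original issue or of pwninit's code: it reads the GLIBC_* requirements on libc.so.6 from `readelf -V` output for a candidate libstdc++ and reports those a given libc version cannot satisfy. The sample output is constructed, the function names are hypothetical, and it assumes a glibc of version X defines every numeric GLIBC_ version node up to X.

```rust
// Added example (not pwninit code). Function names are hypothetical.

/// Parse "2.35" or "GLIBC_2.2.5" into comparable numeric parts.
/// Non-numeric nodes such as GLIBC_PRIVATE yield None.
fn parse_version(s: &str) -> Option<Vec<u32>> {
    s.trim_start_matches("GLIBC_")
        .split('.')
        .map(|p| p.parse::<u32>().ok())
        .collect()
}

/// From `readelf -V` text, return the GLIBC_* versions required from
/// libc.so.6 that a libc of version `libc_ver` does not provide.
fn missing_glibc_versions(readelf_v: &str, libc_ver: &str) -> Vec<String> {
    let have = parse_version(libc_ver).expect("libc version like 2.35");
    let mut in_libc = false; // true while inside the libc.so.6 needs entry
    let mut missing = Vec::new();
    for line in readelf_v.lines() {
        let fields: Vec<&str> = line.split_whitespace().collect();
        if let Some(i) = fields.iter().position(|f| *f == "File:") {
            in_libc = fields.get(i + 1) == Some(&"libc.so.6");
        } else if let Some(i) = fields.iter().position(|f| *f == "Name:") {
            if let (true, Some(name)) = (in_libc, fields.get(i + 1)) {
                // Vec<u32> compares lexicographically: [2, 36] > [2, 35].
                if parse_version(name).map_or(false, |need| need > have) {
                    missing.push(name.to_string());
                }
            }
        }
    }
    missing
}

// Constructed sample of the version-needs part of `readelf -V libstdc++.so.6`.
const SAMPLE: &str = "\
Version needs section '.gnu.version_r' contains 2 entries:
  000000: Version: 1  File: libm.so.6  Cnt: 1
  0x0010:   Name: GLIBC_2.29  Flags: none  Version: 9
  0x0020: Version: 1  File: libc.so.6  Cnt: 3
  0x0030:   Name: GLIBC_2.36  Flags: none  Version: 14
  0x0040:   Name: GLIBC_2.34  Flags: none  Version: 12
  0x0050:   Name: GLIBC_2.2.5  Flags: none  Version: 5
";

fn main() {
    for libc in ["2.35", "2.36"] {
        let missing = missing_glibc_versions(SAMPLE, libc);
        println!("libc {}: unsatisfied requirements: {:?}", libc, missing);
    }
}
```

An empty result means the candidate's libc.so.6 version requirements are met, which is the condition for avoiding the startup error quoted in the first comment.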

k4lizen commented Mar 12, 2024

Am encountering this issue currently so I would be glad to see this feature added!
