Skip to content

Hank0438/AEG

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
binaries
binaries
 
 
challenges
challenges
 
 
heaphopper.egg-info
heaphopper.egg-info
 
 
how2heap
how2heap
 
 
radare2
radare2
 
 
rewrite
rewrite
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
setup.py
setup.py
 
 

Repository files navigation

AEG

Feature

  • solve non-determined menu-type
  • detect and exploit heap vulnerable model in how2heap
  • use bounded model which motivated by heaphopper
  • merge and update scripts in Zerotool

Specify vulnerabilities to detect:

  • arbitrary write
  • allocations over already allocated memory
  • allocations over non-heap-memory
  • freeing of fake chunks

Input Source

  • input-type: STDIN
  • input-type: ARG
  • input-type: LIBPWNABLE

Usage and Test case

Buffer Overflow

Format String

Use After Free

  • check if free chunk mem_write
  • check if free chunk free (Double Free)

Heap Overflow (off-one-by-null)

  • check if malloc chunk header overwrite

Heap Overlap

  • check if malloc chunks (header_size + size) and addr

Free Fake Chunk

  • check if free non_chunk addr

Arbitary Relative Write

Single Bitflip

About

I am still working on it

Resources

Readme

License

GPL-3.0 license
Activity

Stars

11 stars

Watchers

4 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages