Skip to main content

Advertisement

Table 1 List of CTF pwn programs evaluated with Revery

From: From proof-of-concept to exploitable

  Name CTF Vul type Crash type Vio. Final state EXP Rex
Control Flow Hijack woO2 TU CTF 2016 UAF heap err V1 EIP hijack Y N
  woO2 _fixed TU CTF 2016 UAF heap err V1 EIP hijack Y N
  shop 2 ASIS Final 2015 UAF mem read V1 EIP hijack Y N
  main RHme3 CTF 2017 UAF mem read V1 mem write Y N
  babyheap SECUINSIDE 2017 UAF mem read V1 mem write Y N
  b00ks ASIS Quals 2016 Off-by-one no crash V1 mem write Y N
  marimo Codegate 2018 Heap BOF no crash V1 mem write Y N
  ezhp Plaid CTF 2014 Heap BOF no crash V1 mem write Y N
  note1 ZCTF 2016 Heap BOF no crash V1 mem write Y N
Exploit-able State note2 ZCTF 2016 Heap BOF no crash V1 unlink init N N
  note3 ZCTF 2016 Heap BOF no crash V1 unlink init N N
  fb AliCTF 2016 Heap BOF no crash V1 unlink init N N
  stkof HITCON 2014 Heap BOF no crash V1 unlink init N N
  simple note Tokyo Westerns 2017 Off-by-one no crash V1 unlink init N N
Failed childheap SECUINSIDE 2017 Double Free heap err V1 - N N
  CarMarket ASIS Finals 2016 Off-by-one no crash V1 - N N
  SimpleMemoPad CODEBLUE 2017 Heap BOF no crash - - N N
  LFA 34c3 2017 Heap BOF no crash - - N N
  Recurse 33c3 2016 UAF no crash - - N N
  1. Out of 19 applications, Revery could generate exploits for 9 of them, and generate EXP inputs to trigger exploitable state for another 5 of them, and failed for the rest 5