how2heap
A repository for learning various heap exploitation techniques.
A collection of C programs demonstrating real heap memory exploitation techniques used in security research and CTF competitions, each with step-by-step comments explaining how the attack works.
how2heap is a collection of C programs, each demonstrating a different technique for exploiting the way Linux manages heap memory. The heap is a region of a program's memory used to store data allocated dynamically at runtime, and on Linux it is managed by the malloc implementation inside the C standard library, glibc. When that allocator has bugs, or when a program misuses memory allocation (for example by freeing a chunk twice or writing past the end of one), an attacker can sometimes corrupt the allocator's internal bookkeeping structures so that it returns pointers to unexpected memory locations, which can lead to control of the program.
Each file in the repository demonstrates one such technique in isolation, with readable code and comments explaining what is happening step by step. Techniques include things like tricking the allocator into returning a chunk of memory that is already in use, writing arbitrary values to addresses outside the intended allocation, and causing overlapping memory regions. The README is a large table mapping each file to the specific glibc versions it applies to, links to the patches that fixed the issue in later versions, and references to real competition challenges where the technique appeared.
This project comes from the CTF competition community. CTFs, or Capture the Flag events, are security competitions in which participants solve challenges that involve exploiting software vulnerabilities. Many of the techniques here are demonstrated alongside past CTF challenges that required them. The repository also integrates with a browser-based debugging environment, so some techniques can be stepped through interactively without setting up a local environment.
The target audience is security students, researchers, and CTF competitors who want to understand low-level memory exploitation. Each example is meant to be compiled and run on a Linux system running the corresponding Ubuntu and glibc version listed in the table. There is no graphical interface, no installer, and no turnkey tool. This is a learning resource made of documented C source files, aimed at people who are already comfortable with C programming and want to study how heap exploits work.
Where it fits
- Study a specific heap exploitation technique by reading and running its self-contained C file on a matching Ubuntu and glibc version.
- Prepare for CTF competitions by working through real challenge examples that required each allocator trick.
- Learn which glibc versions are vulnerable to which heap techniques and what patches addressed them.