Memory corruption bugs don't always have to result in arbitrary code execution. Sometimes a memory corruption bug can be put to an entirely different purpose, in this case turning it into an Infoleak bug to bypass ASLR.

This workshop demonstrates how to make infoleak bugs happen seemingly from thin air. Students will work with a 12 year old vulnerability in a popular web server and turn it into a brand new Infoleak bug.

Outline
- Case study of an integer overflow bug in a popular web server.
- Understanding the chain of function calls and frames on the stack.
- Understanding the basis of an infoleak.
- Using GDB to hit trace black box binaries to analyse the sequence of function calls.
- Diverting the flow of functions after memory corruption to produce meaningful output.
- Populating the output with arbitrary values.
- Leaking the stack pointer address.
- Leaking libc base address.
- Putting the infoleak exploit together

The case study will be presented for X86 as well as ARM32 binaries.

Theory - 1 hour
Exercise - 1 hour

Students will be provided with a docker container with the necessary debugging and exploit development tools. Students are expected to bring a laptop with a working Docker installation.