farfetchd

Farfetch’d Session 1

The following shell session modifies the mmap’d, malloc’d, and read-only memory of some target processes.


Note that each process would print out “Hey this is private!” if left untampered.

$ ../targets/mmap &
[1] 12409
$ 0xfffff7ff6000

$ sudo ./farfetchd 12409 0xfffff7ff6000 100

bvi version 1.4.0 Copyright (C) 1996-2014 by Gerhard Buergmann
$ fg
../targets/mmap
^CHey this is HACKED!!
$ ../targets/malloc &
[1] 12415
$ 0xaaaaaaab22a0

$ sudo ./farfetchd 12415 0xaaaaaaab22a0 100

bvi version 1.4.0 Copyright (C) 1996-2014 by Gerhard Buergmann
$ fg
../targets/malloc
^CHey this is HAXORED!
$ ../targets/strlit &
[1] 12446
$ 0xaaaaaaaa09d8

$ sudo ./farfetchd 12446 0xaaaaaaaa09d8 100

bvi version 1.4.0 Copyright (C) 1996-2014 by Gerhard Buergmann
$ fg
../targets/strlit
^CHey this is WRITABLE?!
$ ../targets/fork &
[1] 12482
$ Parent: 0xfffff7ff6000
Child: 0xfffff7ff6000

$ pgrep fork
12482
12483
$ sudo ./farfetchd 12482 0xfffff7ff6000 100

bvi version 1.4.0 Copyright (C) 1996-2014 by Gerhard Buergmann
$ sudo ./farfetchd 12483 0xfffff7ff6000 100

bvi version 1.4.0 Copyright (C) 1996-2014 by Gerhard Buergmann
$ fg
../targets/fork
^CChild: Hey this is CHILD!!!
Parent: Hey this is PARENT!!
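
Added example, not part of farfetchd or the original page: one way to triage the three addresses edited in the session above is to look them up in the target's /proc/<pid>/maps. The map text is constructed sample data and the helper names are hypothetical. A hit in a region without 'w' (the strlit case) means the target could not have changed those bytes with an ordinary store, and the 'p' flag marks private mappings, which is why parent and child can hold different bytes at the same address after fork.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in /proc/<pid>/maps format; not captured from the session. */
static const char *SAMPLE_MAPS =
    "aaaaaaaa0000-aaaaaaaa1000 r-xp 00000000 fd:01 1234 /tmp/targets/strlit\n"
    "aaaaaaab1000-aaaaaaab2000 rw-p 00001000 fd:01 1234 /tmp/targets/strlit\n"
    "aaaaaaab2000-aaaaaaad3000 rw-p 00000000 00:00 0 [heap]\n"
    "fffff7ff6000-fffff7ff7000 rw-p 00000000 00:00 0 \n";

struct region { unsigned long long start, end; char perms[5]; char path[128]; };

/* Find the mapping that contains addr. Returns 1 and fills *out, else 0.
 * The path column is optional, so 3 converted fields is still a valid line. */
int find_region(const char *maps, unsigned long long addr, struct region *out) {
    while (*maps) {
        char line[256];
        size_t len = strcspn(maps, "\n");
        size_t n = len < sizeof line - 1 ? len : sizeof line - 1;
        memcpy(line, maps, n);
        line[n] = '\0';
        struct region r = { 0 };
        if (sscanf(line, "%llx-%llx %4s %*s %*s %*s %127[^\n]",
                   &r.start, &r.end, r.perms, r.path) >= 3 &&
            addr >= r.start && addr < r.end) {
            *out = r;
            return 1;
        }
        maps += len + (maps[len] == '\n');
    }
    return 0;
}

/* Label the region the way an analyst would when triaging a modified address. */
const char *classify(const struct region *r) {
    if (r->perms[1] != 'w') return "read-only to the process itself";
    if (strcmp(r->path, "[heap]") == 0) return "heap";
    if (r->path[0] == '\0') return "anonymous mapping";
    return "file-backed writable data";
}

int main(void) {
    unsigned long long addrs[] = { 0xfffff7ff6000ULL, 0xaaaaaaab22a0ULL, 0xaaaaaaaa09d8ULL };
    for (int i = 0; i < 3; i++) {
        struct region r;
        if (find_region(SAMPLE_MAPS, addrs[i], &r))
            printf("%#llx: %s [%s]\n", addrs[i], classify(&r), r.perms);
    }
    return 0;
}
```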