c++ executables exploitation support

[rockrid3r]

C++ executables usually require libstdc++ shared object file.
Having version mismatch btw libc and libstdc++ will usually cause an error on startup:

$ LD_PRELOAD=./libc.so.6 ./ld-2.35.so ./exe
./libc.so.6: version `GLIBC_2.36' not found (required by /lib/x86_64-linux-gnu/libstdc++.so.6)

While libc usually is provided by chal's author, the libstdc++ usually is not. Using local in-system libstdc++ (in /usr/lib...) often causes version mismatch, which produces the error above. The task is to find the corresponding libstdc++ for given libc and download it.

Right now pwninit does not searches for libstdc++ when dealing with c++ chals. Gonna add this feature

• Add -cpp flag to mark chal as C++ and not C. So pwninit -cpp should start C++ initialization
• When -cpp download the corresponding libstdc++ based on detected ld.so or libc.so.6 version.

The example is roppenheimer chal from recent ductf-2023

[rockrid3r]

The libstdc++ is not synchronously released with each libc.so version (indeed they are provided in different packages). I couldn't find any relation between libstdc++ and libc.so version, so probably it does not matter.

So the goal here is to find the version of libstdc++ such that executable just starts well (without error as above).

The only dependency might be the minimum version of libc. The task is to find such libstdc++ that provided libc.so fits in the minimum range.

From exploitation perspective it does not matter. All haxxxing is done with libc.so. (Please let me know if i'm wrong). libstdc++ is just another shared-object file.

• During CTF it might be important having the same libstdc++ as on remote. But if this is the case, authors of CTF challenge should provide it.

To sum up:

• For given libc.so (or ld.so) need to find the version of libstdc++ so that libc.so fits into the minimum required libc version. Info about minimum required libc version is provided in package summary (for example, see Requires[3]). So probably just parsing debian.pkgs.org(or ubuntu) is the only right way to find the corresponding libstdc++.

[k4lizen]

Am encountering this issuse currently so I would be glad to see this feature added!

[LittFlower]

Has this feature been added?