rockrid3r
commented
1 year ago The libstdc++ is not synchronously released with each libc.so version (indeed they are provided in different packages). I couldn't find any relation between libstdc++ and libc.so version, so probably it does not matter.
So the goal here is to find the version of libstdc++ such that executable just starts well (without error as above).
The only dependency might be the minimum version of libc. The task is to find such libstdc++ that provided libc.so fits in the minimum range.
From exploitation perspective it does not matter. All haxxxing is done with libc.so. (Please let me know if i'm wrong). libstdc++ is just another shared-object file.
- During CTF it might be important having the same
libstdc++as on remote. But if this is the case, authors of CTF challenge should provide it.
To sum up:
- For given
libc.so(orld.so) need to find the version oflibstdc++so thatlibc.sofits into the minimum requiredlibcversion. Info about minimum requiredlibcversion is provided in package summary (for example, see Requires[3]). So probably just parsingdebian.pkgs.org(or ubuntu) is the only right way to find the correspondinglibstdc++.
k4lizen
C++ executables usually require
libstdc++shared object file. Having version mismatch btwlibcandlibstdc++will usually cause an error on startup:While
libcusually is provided by chal's author, thelibstdc++usually is not. Using local in-systemlibstdc++(in/usr/lib...) often causes version mismatch, which produces the error above. The task is to find the correspondinglibstdc++for givenlibcand download it.Right now pwninit does not searches for
libstdc++when dealing with c++ chals. Gonna add this feature-cppflag to mark chal as C++ and not C. Sopwninit -cppshould start C++ initialization-cppdownload the corresponding libstdc++ based on detectedld.soorlibc.so.6version.The example is roppenheimer chal from recent ductf-2023