Extra Heap Exploitation 1: House of Lore



In this post I am going to give a basic introduction to the House of Lore exploitation technique, and I will use the source code of libc-2.23 for explanation.

SECCON CTF 2017 Online Candy Store Write-Up


Since I was recently trying to make an extra tutorial on the House of Lore exploitation technique and found this challenge in SECCON last year, I decided to use this challenge to demonstrate the usage of House of Lore.
The binary of this challenge is a bit complicated, so I will first introduce the workflow of this challenge and then explain how to develop the exploit.

フラゲを回収しました!! Make a new flag



After spending almost two months on the exploitation tutorial, I finally achieved the goal I made when I decided to start writing a tutorial on exploitation before new year. After a one-week break, I think I need to make some new goals next. So I will list the things I will do in the next two months as an appendix to my exploit tutorial.

Advanced Heap Exploitation: File Stream Oriented Programming



In this post, I will give a detailed introduction to File Stream Oriented Programming, including the internal implementation of the file structure, related file operations and the corresponding exploitation techniques in CTF. This post is based on the source code of glibc-2.26. Since this post is for newbies interested in CTF challenges, I will add many implementation details based on the source code. I wrote this post following the lecture notes given by [1].

Advanced Heap Exploitation: Unsorted bin attack & Overlapping chunk



In this post, I will introduce the exploitation techniques of unsorted bin attack and overlapping chunks. I will use sample code similar to the sample code given in [1] to demonstrate the unsorted bin attack. Furthermore, I will use the sample given in [2] to demonstrate how to create overlapping chunks by shrinking the chunk size.