Extra Heap Exploitation 1: House of Lore

20180115001

Introduction

In this post I am going to give a basic introduction to the House of Lore exploitation technique, and I will use the source code of libc-2.23 for explanation.

SECCON CTF 2017 Online Candy Store Write-Up

Introduction

Since I was recently trying to make an extra tutorial on the House of Lore exploitation technique and found this challenge in SECCON last year, I decided to use this challenge to demonstrate the usage of House of Lore.
The binary of this challenge is a bit complicated, so I will first introduce the workflow of this challenge and then explain how to develop the exploit.

Advanced Heap Exploitation: File Stream Oriented Programming

Lambdadelta

Introduction

In this post, I will give a detailed introduction to File Stream Oriented Programming, including the internal implementation of the file structure, related file operations and the corresponding exploitation techniques in CTF. This post is based on the source code of glibc-2.26. Since this post is for newbies interested in CTF challenges, I will add many implementation details based on the source code. I write this post following the lecture notes given by [1].