Introduction
A nice challenge that led me to revisit the source of libc malloc. Please read my post on A Revisit to Large Bin first before reading this post.
In my post on allocation internals in ptmalloc, I actually missed one part of the code in _int_malloc. In the recent 0CTF 2018, this part of the code was used to launch the exploit. Therefore, I decided to introduce this part of the code in this post. In my previous posts, I only introduced how large chunks are retrieved from the largebin, but I missed the part on how freed chunks are inserted into the largebin. This post will give a detailed introduction to this part.
I take this challenge as a variation of FSOP (File Stream Oriented Programming). The glibc library given in this challenge is already patched with an extra check on the validity of the vtable of the fake file stream. Though I have mentioned some bypass techniques in my previous posts, I use the so-called vtable reuse attack to finally get the shell.