Introduction to File Structure Exploitation
File Structure Exploitation is a binary exploitation technique that uses GLIBC file stream structures to gain code execution. It has become popular since pointers like __malloc_hook, __free_hook, ...
I was looking for some CTFs to play during the weekend then I saw that NexHunt CTF had a few hours left so I joined the CTF with about 3 hours left until the CTF ends. I was only able to solve 2 p...
Explanation of large bin attack
House of Force This is an older exploitation technique that works on glibc 2.27 and lower. The goal of the house of force is to get malloc() to return an arbitrary value/address by overwriting the ...
Explanation on how off-by-one vulnerability on the heap can lead to RCE
The House of Spirit attack allows us to get malloc to return a fake chunk in a region we have some control over (such as the bss or stack). Goal Add an attacker-controlled buffer into the tcache/fastb...
Steps Allocate 10 chunks. 7 chunks to fill tcache bins; chunk 8 will be used later for consolidation; chunk 9 is the victim chunk; chunk 10 is to prevent consolid...
About The binary The binary is dynamically linked, and has all security mitigations turned on. Reversing main int main() { void* fsbase int64_t canary = *(fsbase + 0x28) setup() puts("What ...
Sigreturn Oriented Programming. SROP (Sigreturn Oriented Programming) is a binary exploitation technique that leverages the signal handling mechanisms in POSIX systems to gain control over CPU regis...
Overview So what are uninitialized variables? Uninitialized variables are variables that are declared but are not assigned a value, e.g. #include <stdio.h> // compile : gcc vuln.c -o...