Pascal CTF - yetanothernotetaker
YET ANOTHER NOTE TAKER About the binary The binary t1b4n3@debian:~/ctf/pascalctf/yetanothernotetaker/challenge$ file notetaker notetaker: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dyn...
This technique forces malloc to return a chunk from any address (arbitrary write/read primitive). It uses an off-by-one vulnerability to modify the prev_size of the next heap block, and unset the pr...
File Structure Exploitation is a binary exploitation technique that uses GLIBC file stream structures to gain code execution. It has become popular since pointers like __malloc_hook, __free_hook, ...
I was looking for some CTFs to play during the weekend then I saw that NexHunt CTF had a few hours left so I joined the CTF with about 3 hours left until the CTF ends. I was only able to solve 2 p...
Explanation of large bin attack
House of Force This is an older exploitation technique that works on glibc 2.27 and lower. The goal of the house of force is to get malloc() to return an arbitrary value/address by overwriting the ...
Explanation on how off-by-one vulnerability on the heap can lead to RCE
The House of Spirit attack allows us to get malloc to return a fake chunk to a region we have some control over (such as the bss or stack). Goal Add an attacker-controlled buffer into the tcache/fastb...
Steps: Allocate 10 chunks: 7 chunks to fill the tcache bins; chunk 8 will be used later for consolidation; chunk 9 is the victim chunk; chunk 10 is to prevent consolid...
About The binary The binary is dynamically linked, and has all security mitigations turned on. Reversing main int main() { void* fsbase int64_t canary = *(fsbase + 0x28) setup() puts("What ...