In the 0CTFQuals 2018 - BabyHeap challenge, there is an off-by-one vulnerability that leads to a double free vulnerability, which allows us to launch a fastbin dup attack. Basically, we can leak a libc address to de-randomize ASLR, and overwrite __malloc_hook with a one gadget to execute /bin/sh. As part of our exploit, we managed to overwrite the top chunk pointer in the main arena, which forces malloc to return an almost arbitrary memory location on the following allocation. This is an interesting heap exploitation challenge for learning to bypass protections like NX, Canary, PIE, Full RELRO, and ASLR in x86_64 binaries.