alien_invasion
The CSAW Quals 2018 alien_invasion challenge contains an off-by-one (poison null byte) vulnerability that lets us create overlapping heap chunks. By manipulating the heap layout we can leak the heap base address and de-randomize PIE, then find the libc base address by leaking strtoul@GOT, and finally overwrite strtoul@GOT with the address of system in order to execute /bin/sh. It is an interesting heap exploitation challenge for learning how protections such as NX, stack canaries, PIE, and ASLR are bypassed in x86_64 binaries.