While solving one task from redpwn ctf (I’ll create my own writeup later, sure. Task is excellent) | Cha1ned’s
While solving one task from redpwn ctf (I’ll create my own writeup later, sure. The task is excellent) I found some amazing writeups that review similar exploitation techniques.
1) An interesting way of exploiting a format string bug in a binary built without PIE: overwriting __do_global_dtors_aux_fini_array_entry (the .fini_array entry, which sits at a fixed address when PIE is disabled) to hijack the code execution flow. link: https://ctftime.org/writeup/20796
2) Overwriting _IO_write_ptr of an _IO_FILE and calling exit (forcing exit to flush the stream through the _IO_overflow_t vtable entry) to leak libc, then changing the vtable of the _IO_FILE to hijack the code execution flow. link: https://hackmd.io/@ptr-yudai/ByRfC6O_H
3) Discovering the .tls segment (thread-local storage) for exploitation purposes. link: https://fireshellsecurity.team/byte-bandits-look-beyond/