crash.software
Projects
Pull Requests
Issues
Builds
stigward_PoCs-and-Exploits
Code
Files
Commits
Branches
Tags
Pull Requests
Code Comments
Code Compare
Issues
Builds
Statistics
Child Projects
cra.sh
RESTful API
Projects STRLCPY stigward_PoCs-and-Exploits Files
🤬
a08963e8
ROOT /
CTFs /
ROMHack2022 /
swordmaster /
README.md
6 lines | UTF-8 | 544 bytes

PWN::Swordmaster

Solution:

  • Getting the flag for this challenge requires the exploitation of 3 bugs. First, we can leak the base address of libc with a format string vulnerability. Next, we can obtain the base address of the heap with a Use-After-Free (UAF) vulnerability. Finally, we can corrupt the top chunk of the heap’s metadata, allowing us to execute a “House Of Force” attack, overwriting __malloc_hook with system and obtaining a shell.
  • Full Write-up on my blog
Please wait...
Page is in error, reload to recover