Posts tagged with double-free

pwnable.tw - Tcache Tear

Posted on February 23, 2020* in ctf-writeups
pwnable.tw binary-exploitation heap-exploitation pwntools double-free

Challenge

Make tcache great again !

nc chall.pwnable.tw 10207

tcache_tear

libc.so

Background

Per-thread cache (tcache) is an optimization enabled in versions of libc after 2.26. To increase heap performance, security checks are limited within the tcache implementation. Tcache is implemented using two important internal structures:

Continue Reading
Switch to Dark Mode
Dark
Switch to Light Mode
Light