Posts tagged with heap-exploitation

Challenge

Make tcache great again !

nc chall.pwnable.tw 10207

tcache_tear

libc.so

Background

Per-thread cache (tcache) is an optimization enabled in versions of libc after 2.26. To increase heap performance, security checks are limited within the tcache implementation. Tcache is implemented using two important internal structures:

Continue Reading

Challenge

A good Hacker should always take good notes!

nc chall.pwnable.tw 10102

We are also provided a binary and the libc used on the server.

Solution

When running the binary, we can see four options:

Understanding the binary

When reversing the binary, we can use the options shown to help identify the functions used. I reversed the binary in Ghidra, and the following is the cleaned-up decompilation output from the binary.

Continue Reading