Tags: pwn 


Elastic cloud compute (memory) corruption (or EC3 for short) was a binary pwn task on recent DEF CON CTF 2018 Quals.

You're dropped into a Linux virtual machine with root privileges, and your objective is to escape from the VM to read the flag on the host filesystem. Task description mentions some custom PCI device.

This virtual device's implementation has heap overflow vulnerability allowing read-write out-of-bounds access and UAF vulnerability. Although this is more than enough to leverage well-known heap exploitation techniques, due to my inadequate pwn skills, I decided to resort to heap spraying instead.

Read more here: [https://blog.bushwhackers.ru/defconquals2018-ec3/](https://blog.bushwhackers.ru/defconquals2018-ec3/)

Original writeup (https://blog.bushwhackers.ru/defconquals2018-ec3/).