Tags: pwn one_gadget vtable heap bof c++
- Buffer overflow on the heap
- Overwrite a `std::string`'s buffer pointer to leak binary's and libc's base
- Overwrite a vtable pointer to call a one-shot gadget and get a shell
For details, check out [the writeup](https://github.com/LevitatingLion/ctf-writeups/blob/master/defcon_quals_2018/pwn_124_its_a_me/README.md).