Tags: pwn
Abuse the poor `malloc()` implementation and predict `rand()` results to overwrite a pointer and achieve an arbitrary read/write primitive.
In short:
- Break `rand()` that is based on `srand(time(NULL))`.
- Find appropriate `malloc()` results that will allow us to overflow a `char*` that we can both read from and write to.
- Have an arbitrary read/write.
- Profit :)
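
Why the first step works, as an added example that is not code from the original writeup or the challenge: a `time(NULL)` seed has only one candidate per second, so a few observed outputs identify it. The helper names and the timestamp are constructed for illustration, and `secure_u32()` shows the `getrandom()` replacement that has no guessable seed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <time.h>
#include <sys/random.h>

#define N_OBS 4

/* Fill out[] with the first n rand() values produced after srand(seed). */
static void sequence_for_seed(unsigned seed, int *out, size_t n) {
    srand(seed);
    for (size_t i = 0; i < n; i++) out[i] = rand();
}

/* Try every second in [lo, hi]; return the seed that reproduces obs[], or -1. */
static long recover_seed(const int *obs, size_t n, time_t lo, time_t hi) {
    for (time_t t = lo; t <= hi; t++) {
        size_t i = 0;
        srand((unsigned)t);
        while (i < n && rand() == obs[i]) i++;
        if (i == n) return (long)t;
    }
    return -1;
}

/* Hardened alternative: draw from the kernel CSPRNG instead of rand(). */
static int secure_u32(uint32_t *out) {
    return getrandom(out, sizeof *out, 0) == (ssize_t)sizeof *out ? 0 : -1;
}

int main(void) {
    /* Constructed sample: pretend the program called srand() at this time. */
    const unsigned start = 1700000000u;
    int obs[N_OBS];
    sequence_for_seed(start, obs, N_OBS);

    /* The start time is only known to within five minutes: 601 candidates. */
    long seed = recover_seed(obs, N_OBS, (time_t)start - 300, (time_t)start + 300);
    printf("recovered seed: %ld\n", seed);

    uint32_t r;
    if (secure_u32(&r) == 0) printf("getrandom value: %u\n", (unsigned)r);
    return seed == (long)start ? 0 : 1;
}
```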