Tags: pwn 


Abuse the poor `malloc()` implementation and predict `rand()` results to overwrite a pointer and achieve an arbitrary read/write primitive.

In short:

- Break `rand()` that is based on `srand(time(NULL))`.

- Find appropriate `malloc()` results that will allow us to overflow a `char*` that we can read from && write to.

- Have an arbitrary read/write.

- Profit :)

Original writeup (https://github.com/j0nathanj/CTF-WriteUps/tree/master/2018/GoogleCTF-2018/pwn/SFTP).