Rating:

In `CodeGate 2018 - SuperMarimo` challenge, there is a `heap overflow` vulnerability by which we can leak `malloc@GOT` address in order to find `libc` base address. Using the same vulnerability, we can overwrite `malloc@GOT` (since `Full RELRO` is not enabled) with `One Gadget` address to execute `execve("/bin/sh")`. This is an interesting `heap exploitation` challenge to learn bypassing protections like `NX`, `Canary`, and `ASLR` in `x86_64` binaries.

Original writeup (https://github.com/sajjadium/ctf-writeups/tree/master/CodegateCTF/2018/Super_Marimo).