In the `SECCON 2017 - election` challenge, there is a `buffer overflow` vulnerability that gives us an `arbitrary write`. Using this vulnerability, we can find the `heap` base address by manipulating heap chunks and the `libc` base address by leaking the `read@GOT` address, and finally overwrite `__malloc_hook` with a `one gadget` in order to execute `/bin/sh`. This is an interesting `heap exploitation` challenge for learning how to bypass protections like `NX`, `Canary`, `Full RELRO`, and `ASLR` in `x86_64` binaries.