
In the `CSAW Quals 2018 - alien_invasion` challenge, an `off-by-one` write (a `poison null byte`) lets us zero the low byte of an adjacent chunk's size field and build an `overlapping chunks` situation. With overlapping chunks we leak the `heap` base address and de-randomize `PIE` by manipulating chunk contents, leak `strtoul@GOT` to compute the `libc` base address, and finally overwrite `strtoul@GOT` with the address of `system` so that a later call to `strtoul` with `/bin/sh` as its input runs `system("/bin/sh")`. The GOT overwrite only works because the GOT is writable, i.e. the binary is not built with Full RELRO. This is an interesting `heap exploitation` challenge for learning how to bypass `NX`, `Canary`, `PIE`, and `ASLR` in `x86_64` binaries.
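The following is an added example, not code from the challenge binary or from the original write-up. It models the poison-null-byte primitive on a plain byte array laid out like two adjacent glibc `malloc` chunks: chunk A with size field `0x110|1` (what `malloc(0x108)` returns) followed by chunk B with size field `0x180|1`. The chunk offsets, sizes and the `vuln_copy`/`safe_copy` routines are constructed for illustration; nothing here touches the real allocator. Because A's usable area runs right up to B's size field, the terminating null written one byte past the allocation lands on the least significant byte of B's size, clearing `PREV_INUSE` and shrinking B from `0x180` to `0x100`. That corrupted size field is the starting point for the back-consolidation that produces overlapping chunks.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed heap model (x86_64 glibc conventions, 16-byte chunk header):
 *   A: offset 0x000, size field 0x110|1, user pointer at heap+0x10
 *   B: offset 0x110, size field 0x180|1, size field stored at heap+0x118
 * A's usable area is 0x108 bytes (its last 8 bytes overlap B's prev_size),
 * so buf[0x108] is exactly the low byte of B's size field.
 */
#define HDR         0x10
#define A_OFF       0x000
#define A_SIZE      0x110
#define B_OFF       (A_OFF + A_SIZE)
#define B_SIZE      0x180
#define PREV_INUSE  0x1
#define A_USABLE    (A_SIZE - 0x8)   /* 0x108 */

static unsigned char heap[0x400];   /* stand-in for the real heap */

static uint64_t rd64(size_t off) { uint64_t v; memcpy(&v, heap + off, sizeof v); return v; }
static void     wr64(size_t off, uint64_t v) { memcpy(heap + off, &v, sizeof v); }

/* Chunk A in use, immediately followed by chunk B (also marked in use). */
static void layout_heap(void) {
    memset(heap, 0, sizeof heap);
    wr64(A_OFF + 8, A_SIZE | PREV_INUSE);
    wr64(B_OFF + 8, B_SIZE | PREV_INUSE);
}

/* Vulnerable copy: fills all n usable bytes, then writes the terminator at
 * buf[n], one byte past the allocation. On a real heap that byte is the
 * low byte of the next chunk's size field. */
void vuln_copy(unsigned char *buf, size_t n, const unsigned char *src) {
    memcpy(buf, src, n);
    buf[n] = '\0';                       /* off-by-one write */
}

/* Fixed copy: the terminator stays inside the n usable bytes. */
void safe_copy(unsigned char *buf, size_t n, const unsigned char *src) {
    memcpy(buf, src, n - 1);
    buf[n - 1] = '\0';
}

/* Run one copy routine over A's usable area and return B's size field. */
static uint64_t b_size_after(void (*copy)(unsigned char *, size_t, const unsigned char *)) {
    unsigned char payload[A_USABLE];
    memset(payload, 'A', sizeof payload);  /* constructed attacker input */
    layout_heap();
    copy(heap + A_OFF + HDR, A_USABLE, payload);
    return rd64(B_OFF + 8);
}

uint64_t b_size_after_vuln(void) { return b_size_after(vuln_copy); }
uint64_t b_size_after_safe(void) { return b_size_after(safe_copy); }

int main(void) {
    printf("B size before:          0x%llx\n", (unsigned long long)(B_SIZE | PREV_INUSE));
    printf("B size after vuln_copy: 0x%llx  (PREV_INUSE cleared, size shrunk)\n",
           (unsigned long long)b_size_after_vuln());
    printf("B size after safe_copy: 0x%llx\n", (unsigned long long)b_size_after_safe());
    return 0;
}
```

With `PREV_INUSE` cleared, a later `free(B)` reads B's `prev_size` field to find the "previous free chunk" and consolidates backwards into it; if that field was planted through A's usable area, the merged chunk overlaps still-allocated memory, which is the overlapping-chunks state used for the leaks above. Recent glibc releases add a check that the previous chunk's size matches the `prev_size` field before consolidating, so the exact sequence depends on the glibc version shipped with the challenge.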