# Full WriteUp

Full Writeup on our website: [https://www.aperikube.fr/docs/picoctf_2018/contacts](https://www.aperikube.fr/docs/picoctf_2018/contacts)

-------------
# TL;DR

Contacts is a binary exploitation challenge presented at PicoCTF 2018. There is an uninitialized variable vulnerability which can lead to a fastbins attack. With this attack, I can overwrite some pointer in libc to open a shell with a one-gadget RCE technique.