Tags: use-after-free got uaf glibc heap
In the `34C3 2017 - SimpleGC` challenge, we leak the `libc` base address using a `Use After Free (UAF)` vulnerability. Using the same `UAF` vulnerability, we overwrite `free@GOT` with the address of `system` and eventually spawn a shell. This is a good `Heap Exploitation` challenge for understanding how to exploit `x86_64` binaries with `Canary`, `NX`, and `ASLR` enabled in the presence of the `tcache` feature, which is enabled in `glibc-2.26`.