Tags: nonce aes-ctr pwn crypto heap 

Rating:

### TL;DR
1. Create free chunk near the counter
2. Overflow to chunksize of top chunk
3. Allocate some chunk to change the terminator
4. Get the keystream for printing heap content
5. Create overlapped chunk by modifying the size
6. Partial overwrite to forge fd to counter
7. Reset counter
8. Get the keystream for writing
9. Use normal heap exploitation techniques to win

Original writeup (https://sasdf.cf/ctf/tasks/2019/BalsnCTF/pwn/securenote/).