Tags: pwn 

Brute-force the address of global_max_fast -> unsorted bin attack to overwrite global_max_fast -> fastbin dup to get a chunk above the global data array -> overwrite index 0 with free@got -> overwrite free with printf -> leak libc -> overwrite malloc_hook with a one gadget -> shell

Original writeup (https://faraz.faith/2019-10-27-backdoorctf-babyheap/).