In the `SECCON 2017 - video_player` challenge, there is a `Use After Free (UAF)` vulnerability that we can use to mount a `fastbin attack` and create `overlapping chunks`. Using this technique, we can leak a heap address to figure out the layout of the chunks and then find the `libc` base address by leaking `read@GOT`. Finally, we can overwrite `__malloc_hook` with a `one gadget` in order to execute `/bin/sh`. This is an interesting `heap exploitation` challenge on a `C++` program, where we can learn about the `vtable` (and `virtual calls`) as well as bypassing protections like `NX`, `Canary`, and `ASLR` in `x86_64` binaries.

Original writeup (https://github.com/sajjadium/PersianCatsCTF/tree/master/SECCON/2017/Quals/video_player).