CTFtime.org / TokyoWesterns CTF 6th 2020 / smash / Writeup

Tags: fsb cet pwn

Rating: 5.0

## tl;dr

+ Leak with Format String bug.
+ Use the arbitrary heap pointer write to overwrite `__GI__IO_file_jumps`.
+ Inject shellode in heap and get code execution in `dfprintf`.

Link To A Detailed Writeup: [Link](https://blog.bi0s.in/2020/09/22/Pwn/twctf20-smash/)

Original writeup (https://blog.bi0s.in/2020/09/22/Pwn/twctf20-smash/).

smash

Comments

Sign in with