Tags: pwn
Rating: 4.0
TLDR:
- Force malloc into creating a chunk with size 0x0 to overwrite chunk metadata.
- Create an overlapping chunk over `key_table`, then create a fake chunk over the GOT.
- Overwrite `atoi` with `printf` for leaks, then overwrite `atoi` with `system`.
https://kileak.github.io/ctf/2017/SECCON2017-secure_keymanager/