Tags: pwn 

Rating: 4.0

TLDR:
- Force malloc into creating a chunk with size 0x0 to overwrite chunk metadata.
- Create overlapping chunk over key_table, create fake chunk over got table.
- Overwrite `atoi` with `printf` for leaks, then overwrite `atoi` with `system`.

https://kileak.github.io/ctf/2017/SECCON2017-secure_keymanager/

Original writeup (https://kileak.github.io/ctf/2017/SECCON2017-secure_keymanager/).