- Published on
Utilizing Out-of-bounds write to overwrite an adjacent memory chunk to bypass login and using Format String Vulnerability to overwrite a check and overwrite return address on the stack to perform ROP.
Oob-write
All Posts
- ctf (30)
- writeup (22)
- pwn (21)
- web (13)
- aupctf (11)
- aofctf (9)
- nedctf (7)
- amateurctf (6)
- amateurctf23 (6)
- rev (5)
- htb (4)
- cyber-apocalypse (4)
- buffer-overflow (4)
- x64 (4)
- fsb (3)
- printf (3)
- heap (3)
- elf (3)
- brute-force (3)
- stegnography (3)
- pcc (3)
- format-string (2)
- dev-notes (2)
- memfd_create (2)
- fexecve (2)
- canary (2)
- lfi (2)
- flask (2)
- misc (2)
- ret2libc (2)
- forensics (2)
- magic-bytes-fixing (2)
- bit-shifting (2)
- sqli (2)
- login-bypass (2)
- ret2win (2)
- jwt (2)
- pucon (2)
- userspace (2)
- 0 (1)
- ctf-techs (1)
- guides (1)
- docker (1)
- deployment (1)
- windows-api (1)
- c (1)
- screenshot (1)
- bmp (1)
- pwnabletw (1)
- tcache (1)
- tcache-dup (1)
- double-free (1)
- unsorted-bin-attack (1)
- fake-chunk (1)
- free-hook-overwrite (1)
- elfcrafting-v1 (1)
- elfcrafting-v2 (1)
- shellcode (1)
- asm (1)
- rntk (1)
- random-number (1)
- latex (1)
- pdftex (1)
- integer-overflow (1)
- pyjail (1)
- eval-in-eval (1)
- bash-jail (1)
- blind (1)
- pointer-overwrite (1)
- dereference-leak (1)
- arm (1)
- seccomp (1)
- mov (1)
- sandbox (1)
- syscall (1)
- thread-stack-overflow (1)
- tls (1)
- pthread (1)
- master-canary-overwrite (1)
- srop (1)
- read (1)
- off-by-one (1)
- kingsman (1)
- john-the-ripper (1)
- hashcat (1)
- custom-wordlist (1)
- arcane (1)
- jinx (1)
- deep (1)
- deep-sound (1)
- audio-forensics (1)
- iron-man (1)
- obfuscated (1)
- csrf (1)
- directory-searching (1)
- django (1)
- http-headers (1)
- source-code-analysis (1)
- archiveorg (1)
- snapshot (1)
- wayback-machine (1)
- blackhat (1)
- blackhatmea (1)
- blackhatmea23 (1)
- interger-overflow (1)
- leak (1)
- aslr-bypass (1)
oob-write (1)
- return-address-overwrite (1)
- fsb-to-rop (1)
- word-macro (1)
- js (1)
- hta (1)
- powershell (1)
- unsorted-bin (1)
- self-decryption (1)
- angr (1)
- pie (1)
- leaks (1)
- offset (1)
- variable-overwrite (1)
- auth-bypass (1)
- ssrf (1)
- file-inclusion (1)
- weak (1)
- weak-signing-key (1)
- shift (1)
- reversing (1)
- windows (1)
- kernel (1)
- driver (1)
- sbox (1)
- intio (1)
- python (1)
- pyarmor (1)
- gdb (1)
- uaf (1)
- chunk-reuse (1)
- pie-bypass (1)
- printf-leak (1)