BCTF 2015 pwn challenge: zhongguancun


The general idea for pwning this toy online store system is as follows. First, we need to find a control-flow hijack vulnerability, which in this case is a vtable hijack based on a heap buffer overflow. Second, we bypass all the integrity checks in the program and the memory defenses (e.g. ASLR) to call system("sh") in libc.
