[0ctf 2017] uploadcenter knote pwnable write-up

Categories CTF

0ctf has been over for a week. We (NeSE) ranked 6th/908 in the end. During the game, I looked at two pwnable challenges: knote and uploadcenter. I spent more than 16 hours on uploadcenter and 14 hours on knote. I found the info leak and race condition in knote, and the info leak and the mismatch in mmap/munmap size in uploadcenter. But I did not come up with the thread stack UAF exploit. So I wrote this article to write down what I thought was the most fun part of these challenges.


Plaid CTF 2015 writeup(prodmanager, clifford, ebp, unknown)

Categories CTF

1. prodmanager(180 points)

prodmanager is a product management system. After a short investigation of the source code, I found that there is a UAF vulnerability in a doubly linked list. Actually, the program did not manage the product list and the lowest price list properly: an item which is freed from the product list is still present in the lowest price list.