I spent several hours on this challenge, the logic of this program is simple and an information leakage vulnerability was discovered. But I was not familiar with malloc’s heap management scheme and failed to exploit this vulnerability.
The vulnerability has its root in no '\0' was appended to the input note, it’s possible to leak a heap pointer by crafting a string before the heap pointer. But I didn’t know how then, after reading this and this writeup I finally figured out how to do this. This and this also help a lot to understand heap exploitation technique. This article is a record for reference. Continue reading “0CTF-2015 freenote: playing with malloc library”