| ID: | 8329 |
|---|---|
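| Title: | hitcontraining_magicheap |
| Description: | Ubuntu 16 https://github.com/bash-c/pwn_repo |
| Type: | Pwn |
| Site: | BUUCTF |
| Challenge link: | https://buuoj.cn/challenges#hitcontraining_magicheap |
| Competition: | None |
| Year: | None |
| Flag value: | The hitcontraining_magicheap solution gets a shell by using an unsorted bin attack to overwrite the magic value. The key steps are creating three chunks, using the heap overflow to modify the bk pointer, and triggering the unsorted bin unlink operation to write the magic value; finally, entering 4869 triggers the backdoor. Verified URL: https://blog.csdn.net/mcmuyanga/article/details/112302849 |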
| writeup: | https://blog.csdn.net/zwb2603096342/article/details/140345550 |