1) This bug only allows you to read or overwrite specific 8 bytes. But you can use it to achieve arbitrary reads and writes. 2) This is a different heap overflow bug. But you can exploit it in a very similar way to the 2019 KCTF Problem 5. ...
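Yuque document: https://www.yuque.com/hxfqg9/bin/ape5up The code files involved are also on GitHub: https://github.com/yichen115/how2heap_zh how2heap is a project shared on GitHub by the shellphish team for learning various heap exploitation techniques. I mainly translated the explanatory text in the how2heap code using Google, combined with my understanding from debugging. large_bin_attack u...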
Next, we will allocate a chunk that will get us right up against the desired region (with an integer overflow) and will then be able to allocate a chunk right over the desired region. The value we want to write to at 0x5636c2d20060, and the top chunk is at 0x5636c35b2528, so acco...