Information category: pwn Description Leverage consolidation to obtain the flag. Write-up Tcache holds up to 7 freed chunks of a given size. Do: allocate N chunks of size S, then free()...

Information category: pwn Description Revisit a prior challenge, now with TCACHE safe-linking. Write-up House of Force to pivot malloc into the stack. Exploit from pwn import * elf = co...

Information category: pwn Description Revisit a prior challenge, now with TCACHE safe-linking. Write-up House of Force to pivot malloc into the stack, and a compact XOR-index → stack pivo...

Information category: pwn Description Leverage TCACHE exploits to obtain the flag. Write-up Goal: leak a return address from the stack, compute PIE base, pivot malloc so a chunk points a...

Information category: pwn Description Leverage calling free() on a stack pointer to read secret data. Write-up Goal: manipulate heap metadata to perform an overwrite of a secret value st...

Information category: pwn Description Leverage TCACHE exploits to cause malloc() to return a stack pointer. Write-up Goal: leak a stack address, pivot malloc to return a pointer into sta...

Information category: pwn Description Leverage TCACHE exploits to gain control flow. Write-up Goal: use a heap primitive (House of Force style) to leak a stack address and PIE base, then...

Information category: pwn Description Leverage TCACHE exploits to gain control flow. Write-up Goal: leak the stack canary, leak a stack address to bypass PIE, and finally overwrite a ret...

Information category: pwn points: 1000 Description None Write-up This challenge provides a way to leak memory directly from the stack using a controlled index. With this capability, we ...

Information category: pwn points: 1000 Description None Write-up We start by analyzing the binary’s control flow. The vulnerable function vuln() reads user input using the read() syscal...