DEFCON 2017 awsno writeup

1. Heap overflow in the 'trains' menu.
2. We can change the heap layout by making a hole with the edit menu (edit deletes a node and appends a new copy at the end of the list).
3. Using the heap overflow, we can corrupt some objects and hijack RIP.
4. We used a special gadget that allows us to do an arbitrary write.
5. We changed atoi into system and called atoi("sh 0&4"); to get a shell.

- worked with zzoru.

'''trains name l..