pwn
2.8k words
Introduction: zigzag is a zig heap challenge I did during the corCTF 2022 event. It was pretty exotic given we have to pwn a heap-like challenge written in zig. It does not use the C allocator but instead uses the GeneralPurposeAllocator, which makes the challenge even more interesting. Find the tasks here. TL;DR: Understanding zig GeneralPurposeAllocator internals. Hijack the BucketHeader of a given bucket to get a write-what-where / read-what-where primitive. Leak stack + ROP on the fi...
pwn
2.7k words
Introduction: cshell2 is a heap challenge I did during the corCTF 2022 event. It was pretty classic so I will not describe a lot. If you are beginning with heap challenges, I advise you to read the previous heap writeup. TL;DR: Fill tcache. Heap overflow in edit on the bio field, which allows leaking the address of the unsortedbin. Leak heap and defeat safe-linking to get an arbitrary write through tcache poisoning. Hijack the GOT entry of free to system. Call free("/bin/sh"). PROFIT. Reverse Engineer...
pwn
3.8k words
Introduction: I just learned how to use malloc and free… am I doing this right? catastrophe is a heap challenge I did during diceCTF 2022. I had a lot of issues with the libc and the dynamic linker, thus I first did the challenge with the libc that was in /lib/libc.so.6, then I figured out thanks to my teammate supersnail that I was using the wrong libc. Then I did it again with the right libc but the dynamic linker was (again) wrong and I lost a lot of time on it. So well, t...
1.2k words
Here are just some side notes about linux kernel internals I put here to avoid having to learn the same things again and again. Every note targets linux kernel 5.18.12. There will be a lot of code for which I do not comment on every part. Kernel heap management (SLUB, SLAB, SLOB): In the same way as for userland, the kernel has many algorithms to manage memory allocation according to what the kernel is looking for (huge resources or not, safety needs etc). SLUB: The SLUB algorithm is the algorithm I know t...