Bad Memories -v0.9- -recreation-

May 2026

```
strings core.dump | grep -i ctf
```

Returns:

```
file core.dump
```

Output:

```
Loading memory...
[1] Allocate
[2] Write
[3] Read
[4] Free
[5] Exit
```

A heap note manager, likely vulnerable to UAF (use-after-free) or double-free.

However, this core dump is process-only. Use elfutils:

In GDB, call the overwritten function:

But it's never called normally. The challenge name "Bad Memories" + -recreation- hints we need to force a UAF to redirect execution to this function. Examine heap chunks in the core dump.

```c
#include <stdio.h>
#include <string.h>

/* Reads flag.txt and prints its first line. */
void secret_function()
{
    char flag[64];
    FILE *f = fopen("flag.txt", "r");
    fread(flag, 1, 64, f);
    flag[strcspn(flag, "\n")] = 0;  /* cut at the first newline */
    printf("Flag: %s\n", flag);
}
```

```
strings core
```

```
(gdb) call ((void(*)(char*))0x401456)(0x6020a0+8)
```

Or simply: