Дом с привидениями (Haunted House)

hackerlab

Task: Menu-based heap allocator with UAF vulnerability (delete does not NULL pointer). Solution: Leak libc via unsorted bin, tcache poisoning to overwrite __free_hook with win function address.

heap uaf pwn tcache-poisoning __free_hook unsorted-bin-leak use-after-free no-pie glibc-2.31 win-function

use_after_freetcache_poisoningunsorted_bin_leak__free_hook_overwrite

$ ls tags/ techniques/

heap uaf pwn tcache-poisoning __free_hook unsorted-bin-leak use-after-free no-pie glibc-2.31 win-function

use_after_freetcache_poisoningunsorted_bin_leak__free_hook_overwrite

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ grep --similar

Similar writeups

[pwn][Pro]Chunks (Чанки)— duckerz
[pwn][Pro]pwn9_mc5 — Mic Check: leak and pwn 2!— spbctf
[pwn][Pro]Secrets— grodno_new_year_2026
[pwn][Pro]pwn9_mc4 — Mic Check: leak and pwn!— spbctf
[pwn][Pro]pwn10_nosoeasy — No-So-Easy: tcache poison → GOT overwrite— spbctf