- UAF in chess game, overwrite
- Abusing a stack overflow on a RISC-V binary to then return to shellcode.
- Buffer overflow in AArch64
- Bypass pointer authentication to leak libc and get shell
- Overflow from stdin structure till
- Create fake fastbin chunks to get overlapping chunk and leak.
__malloc_hook using fastbin attack.
- Overflow the char candle counter stored in the wax structure and trigger uaf.
- Use the uaf to trigger double free and get shell.
- Leak with Format String bug.
- Use the arbitrary heap pointer write to overwrite
- Inject shellcode in heap and get code execution in
- Out-of-bounds index write allows byte-by-byte overwrite of return address
- Carefully arranging structs on stack so as to overwrite saved rip, without corrupting the stack canary.
- Leak libc with puts and execute a ret2libc to get shell
mmap_threshold with null and trim top chunk size.
- Null out last 2 bytes of stdin’s _IO_buf_base and brute force to get allocation on stdin.
- Overwrite one of the jump tables with win function to get shell.
- Execute shellcode on parent and write to child’s memory using /proc/<pid of child>/mem
- Overwrite return address of child with execve shellcode and pop shell.