Userland

Recruitment was an easy Pwn challenge which included leaking from uninitialized variable and overflowing on the stack. As for RCE there was only 6 bytes of overflow on the return address, which essentially meant I had to resort to one gadget ROP.

In this post we will have a look at Hack the Box pwn challenge called Auth-or-out which was all about custom heap allocator and it’s exploitation.