
Dirty Pipe (CVE-2022-0847)
Impact: Local privilege escalation
Type: Arbitrary File Write
Why: Similar to Dirty COW, but newer and easier to exploit
v5.8 <= affected kernels < 5.10.102, 5.15.25, 5.16.11
Fix: ...
fakeobj.py Description Dear VulnX, send me your best fake snake object Regards, joseph AU: nc chal.2025.ductf.net 30001 US: nc chal.2025-us.ductf.net 30001 Attachments: fakeo...
How it works House of Einherjar is a go-to method for heap exploitation in case of a single NULL byte overflow vulnerability. It can be used to obtain overlapping chunks Which can further b...
Environment setup #!/bin/bash mkdir initramfs cp initramfs.cpio.gz initramfs cd initramfs gzip -d initramfs.cpio.gz cpio -idmv < initramfs.cpio rm initramfs.cpio cd .. #!/bin/bash cd initramf...
Background Suppose you have pwned a process and can execute your ROP chain, that seems great at first because now you can pop a shell right? But what if: You don’t have enough gadgets for popp...
Arena An arena is a memory management structure in glibc’s malloc implementation that manages a contiguous region of memory from the heap. It organizes memory into chunks, provides synchroniza...
This series is about the GNU allocator Some information might be incorrect as I am creating these posts while learning myself What is heap? Heap Heap is a region of memory divided i...
Vault Fault Explanation Solution #include <stdio.h> #include <stdlib.h> #include <time.h> int main() { srand(time(NULL) / 5); printf("%c", rand() % 256); } #!/usr/...
Explanation Solution // Compile with: musl-gcc -static -o exploit exploit.c #include <fcntl.h> #include <pthread.h> #include <stdbool.h> #include <stddef.h> #include <...
Baby pwn Here’s a baby pwn challenge for you to try out. Can you get the flag? nc 34.162.142.123 5000 Author: atom void secret() { printf("Congratulations! Here is your flag: "); ...