Một vài bài pwn khá thú vị và đặc biệt có sự xuất hiện của pwn với java (mặc dù ta không động gì đến java internal)

A very cool challenge that has combined both pwn and web

A challenge with a new heap exploitation technique: House of Muney. In this challenge, all we need is: a leak, an arbitrary free, and only one malloc (with input) to control RIP.
And only applicable to binary without FULL RELRO protection.

Surprisingly a ctf contest for highschoolers actually has a lot of difficult pwn challenges.
These challenges have a lot of creative exploiting techniques: House of Husk, House of Muney.
Therefore, I wanted to make a detailed writeup, starting with the first challenge: House of Cockarocha

My team purf3ct cleared the pwn section of this ctf, so for the first time, I feel qualifed enough to make a writeup about 2 heap challenges, which introduce some nice heap exploitation techniques