Tags: got one_gadget heap 

Rating:

In `AsisCTF Quals 2018 - Just Sort!` challenge, there is a `heap overflow` vulnerability that we can leak `free@GOT` address, and find `libc` base address as the result. Then, we can overwrite `free@GOT` by `one_gadget`'s address to get shell. This is a good challenge to understand how to exploit `x86_64` binaries with `Canary`, `NX`, and `ASLR` enabled.

Original writeup (https://github.com/sajjadium/ctf-writeups/tree/master/AsisCTFQuals/2018/Just_Sort).