PerfectRoot CTF 2025: Heap Heap Hooray 1/2 write-up
In December 2025, I participated in PerfectRoot CTF with my team, where we finished 3rd out of 500+ competing teams.
I learnt a lot of things during this Capture the Flag, especially heap exploitation, after doing two challenges about heap exploitation.
This article is a write-up of Heap Heap Hooray and Heap Heap Hooray 2,
two challenges about heap exploitation that helped me learn a lot about heap exploitation.
The exploit paths of those challenges were as follows:
- Heap Heap Hooray 1:
  - Exploit the Use After Free (UAF) to leak a mangled heap address
  - Calculate the original address from the mangled address to bypass heap Safe-linking
  - Exploit the heap buffer overflow to overwrite the struct's function pointer and replace it with the admin_notify function
  - Trigger the program to call admin_notify to retrieve the flag
- Heap Heap Hooray 2: In this version, the purpose was not to call the admin function but to use the UAF and the heap BOF to overwrite the return address of a function on the stack. The exploit path is below:
  - Exploit the UAF to read the address of main_arena from the unsorted bin
  - Use the main_arena address to compute the libc address
  - After getting the libc address, read the libc environ pointer to get a stack address
  - Create a ROP chain on the stack to call system and get a shell
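
The Safe-linking step in the first path, shown as an added example that is not part of the original write-up or the challenge code: glibc 2.32 and later store a free chunk's next pointer XORed with the page number of the field that holds it, so one leaked value is enough to undo the mangling. The helper names and sample addresses are constructed for illustration, and `demangle_same_page` assumes the chunk and its successor sit in the same 4 KiB page.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* glibc >= 2.32 Safe-Linking (PROTECT_PTR in malloc.c):
 * the stored fd/next is (pos >> 12) ^ ptr, where pos is the address
 * of the field holding the pointer. */
static uint64_t protect_ptr(uint64_t pos, uint64_t ptr) {
    return (pos >> 12) ^ ptr;
}

/* REVEAL_PTR: the same XOR, usable when pos is known. */
static uint64_t reveal_ptr(uint64_t pos, uint64_t stored) {
    return (pos >> 12) ^ stored;
}

/* Last chunk in a bin: ptr is NULL, so stored == pos >> 12 and the
 * leaked value is the heap page number itself. */
static uint64_t page_from_null_next(uint64_t stored) {
    return stored << 12;
}

/* Recover ptr from stored alone, assuming pos and ptr lie in the same
 * 4 KiB page. Then stored = ptr ^ (ptr >> 12): the top 12 bits are in
 * the clear and each pass fixes the next 12 bits (6 groups in 64 bits). */
static uint64_t demangle_same_page(uint64_t stored) {
    uint64_t ptr = stored;
    for (int i = 0; i < 5; i++)
        ptr = stored ^ (ptr >> 12);
    return ptr;
}

int main(void) {
    /* Constructed sample addresses, not taken from the challenge. */
    uint64_t pos = 0x55555555b2a0ULL, next = 0x55555555b2c0ULL;
    uint64_t stored = protect_ptr(pos, next);

    printf("stored next      : 0x%" PRIx64 "\n", stored);
    printf("reveal (pos known): 0x%" PRIx64 "\n", reveal_ptr(pos, stored));
    printf("demangle (no pos) : 0x%" PRIx64 "\n", demangle_same_page(stored));
    printf("page from NULL    : 0x%" PRIx64 "\n",
           page_from_null_next(protect_ptr(pos, 0)));
    return 0;
}
```

Safe-linking only holds while heap addresses stay secret, which is why the UAF read in the first step is what breaks it.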

Pico CTF is an annual cyber security competition for undergraduate/graduate students. Our team Bug Reapers took part in the 2025 one, where we finished in the top 3 of the Africa scoreboard. The competition took 10 days, from 07 March to 17 March.
Here is the write-up of all the challenges that we solved during the competition.