Artificial truth : Exploiting ezhp (pwn200) from PlaidCTF 2014 with radare2

Mon 27 April 2015

Usual disclaimer: This article is more about radare2 than some 1337-heap-related super-efficient pwnage. If you're looking for the latter, check geohot's elegant ROP-powered writeup instead.

I like to play CTF, but it seems that I prefer to take my time for pwning; playing around with the debugger, trying multiple payloads and methods. Another benefit of doing challenges after the CTF is that you can ask which were great, and not waste your time on stupid ones.

Anyway, I was told that ezhp was great, so time to get a shell on it!

    [0x08048a48]> iI
    file     ./ezhp
    type     EXEC (Executable file)
    pic      false
    canary   false
    nx       false
    crypto   false
    va       true
    root     elf
    c...

Linked on 2015-05-01 07:23:35