Tags: rev
Rating:
rev/string-cheese
aplet123
644 solves / 112 points
I'm something of a cheese connoisseur myself. If you can guess my favorite flavor of string cheese, I'll even give you a flag. Of course, since I'm lazy and socially inept, I slapped together a program to do the verification for me.
Connect to my service at nc lac.tf 31131
Note: The attached binary is the exact same as the one executing on the remote server.
We are given a binary and a netcat port. When we execute binary we see:
What's my favorite flavor of string cheese?
and are prompted for an input. If the input is wrong, the binary exits.
First I threw the binary into ghidra and had a look at the decompiled "main":
undefined8 main(void)
{
int iVar1;
size_t sVar2;
char local_108 [256];
printf("What\'s my favorite flavor of string cheese? ");
fflush(stdout);
fgets(local_108,0x100,stdin);
sVar2 = strcspn(local_108,"\n");
local_108[sVar2] = '\0';
iVar1 = strcmp(local_108,"blueberry");
if (iVar1 == 0) {
puts("...how did you know? That isn\'t even a real flavor...");
puts("Well I guess I should give you the flag now...");
print_flag();
}
else {
puts("Hmm... I don\'t think that\'s quite it. Better luck next time!");
}
return 0;
}
hmm.. as we see there is a simple string-comparison with the hardcoded value "blueberry". So I executed the programm remotely, entered the "password" and:
What's my favorite flavor of string cheese? blueberry
...how did you know? That isn't even a real flavor...
Well I guess I should give you the flag now...
lactf{d0n7_m4k3_fun_0f_my_t4st3_1n_ch33s3}
Nice and simple challenge :)
