CRLD (Pwn 500 pts)

Short Version

Your classic file access race condition.

In one process create a file with whatever contents, link the same filename to the flag file then delete the link, continue loop
In a separate thread try to read the file in a loop
Run until the flag prints out

The idea here is we will trick the program into calling read inbetween the create file and link call, then after the check to make sure we are not accessing the flag file, link will be called from a separate thread just as we open the file and it will write out the contents of the flag file before delete is called.

Longer Version

https://github.com/mrchisel14/CTFs/tree/master/2018/EVLZCTF2018/CRLD

Original writeup (https://github.com/mrchisel14/CTFs/tree/master/2018/EVLZCTF2018/CRLD).

CRLD

CRLD (Pwn 500 pts)

Short Version

Longer Version

Comments

Sign in with