Question:
Here's a simple C program. What's the password? Format:
"fastctf{flag}"
Hint:
The C is so full, it's overflowing!
Answer:
fastctf{badcodefails}
This challenge gives a simple C program and expects you to find the flag. Running file5.exe asks for a password and, if supplied the wrong answer, quits.

Trying to brute-force the password is not the intended method, but it can be done. Since the flag format uses curly brackets, you can easily find the flag by searching through the strings of the file. Strings are literal runs of ASCII or Unicode characters inside files. There are many GUI and command-line tools for finding strings. I like to use BinText on Windows (https://bintext.soft32.com/).

Not only can we see the flag “fastctf{badcodefails}”, but we can also see that the correct password needed to display the flag was “thecorrectpassword”. If you did not use strings to solve this and instead looked at the hint “The C is so full, it's overflowing!”, then you may have deduced that it can also be solved via buffer overflow. Below is what the C program looked like before I compiled it with GCC.

In the picture above, 65 characters are inserted and the flag is printed. Now you have learned a little something about buffer overflows!
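The screenshot of the source is not reproduced here, so the following is an added illustration (not the author's file5.exe source) of the pattern that the hint and the "65 characters" result point at: a 64-byte password buffer filled by an unbounded copy, with an "authenticated" flag sitting right after it, shown next to a hardened version that bounds the read. The password and flag strings are the ones recovered from the binary above; the struct layout, the function names and the filler helpers are assumptions made for the demonstration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Values recovered from the binary's strings in the writeup. */
#define PASSWORD "thecorrectpassword"
#define FLAG     "fastctf{badcodefails}"
#define BUFSZ    64

/* Hypothetical model of the vulnerable stack frame: the 64-byte password
 * buffer sits directly below the "authenticated" flag, so the 65th byte
 * written lands in the flag. The real file5.exe layout is not shown on the
 * page; this struct only makes the overflow deterministic and well-defined. */
struct frame {
    char buf[BUFSZ];
    int  authenticated;
};
_Static_assert(offsetof(struct frame, authenticated) == BUFSZ,
               "model assumes the flag sits right after the buffer");

/* Vulnerable check: copies the input with no length limit, the way
 * strcpy()/gets() would, so anything past 64 bytes overwrites the flag. */
int check_vulnerable(const char *input) {
    struct frame f;
    memset(&f, 0, sizeof f);
    size_t n = strlen(input) + 1;          /* bytes including the terminator */
    if (n > sizeof f) n = sizeof f;        /* keeps the model in bounds; a real strcpy has no cap */
    memcpy((unsigned char *)&f, input, n); /* byte-wise write across the whole frame */
    if (memcmp(f.buf, PASSWORD, sizeof PASSWORD) == 0)
        f.authenticated = 1;
    return f.authenticated != 0;           /* 1 = flag would be printed */
}

/* Hardened check: reject over-long input up front and use a bounded copy,
 * so the decision never depends on bytes outside the buffer. */
int check_hardened(const char *input) {
    char buf[BUFSZ];
    if (strlen(input) >= sizeof buf)       /* would not fit with its terminator */
        return 0;
    snprintf(buf, sizeof buf, "%s", input);
    return strcmp(buf, PASSWORD) == 0;
}

/* Helpers: build a constructed input of `len` 'A' characters (len < 256)
 * and run it through each checker, so the 64- vs 65-byte boundary is visible. */
int run_vulnerable_with_filler(size_t len) {
    char filler[256];
    if (len >= sizeof filler) return -1;
    memset(filler, 'A', len);
    filler[len] = '\0';
    return check_vulnerable(filler);
}

int run_hardened_with_filler(size_t len) {
    char filler[256];
    if (len >= sizeof filler) return -1;
    memset(filler, 'A', len);
    filler[len] = '\0';
    return check_hardened(filler);
}

int main(void) {
    char line[256];
    printf("Password: ");
    fflush(stdout);
    if (!fgets(line, sizeof line, stdin))  /* bounded read instead of gets() */
        return 1;
    line[strcspn(line, "\r\n")] = '\0';    /* strip the newline fgets keeps */
    if (check_hardened(line))
        puts(FLAG);
    else
        puts("Wrong password.");
    return 0;
}
```

With exactly 64 filler bytes the terminator lands in the flag and nothing happens; with 65, the 65th byte makes the flag non-zero and the vulnerable checker reports success without ever seeing the password, which is the behaviour the screenshot shows. The hardened checker fails the same input because it refuses anything that cannot fit in the buffer and reads with a length limit. Whether a real build behaves like the model also depends on the compiler: GCC's -fstack-protector, on by default in many distributions, places arrays above other locals and guards them with a canary, which is one reason the same source can overflow cleanly under one build and abort under another.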
Like my work? Donate here: https://buymeacoffee.com/forensicnoobsecurity