loading...

(Write-up) pwnable.kr :: fd

aibhstin profile image Aibhstin ・1 min read

This is a write-up on the very first challenge on pwnable.kr, 'fd'. The source code of the program we will be exploiting is given as the following:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
char buf[32];
int main(int argc, char* argv[], char* envp[]){
        if(argc<2){
                printf("pass argv[1] a number\n");
                return 0;
        }
        int fd = atoi( argv[1] ) - 0x1234;
        int len = 0;
        len = read(fd, buf, 32);
        if(!strcmp("LETMEWIN\n", buf)){
                printf("good job :)\n");
                system("/bin/cat flag");
                exit(0);
        }
        printf("learn about Linux file IO\n");
        return 0;

}

This program requires that we pass it a command line argument. This argument is converted to an integer and has the hexadecimal value of 0x1234 subtracted from it. This new number is then used as a file descriptor to read some input. If this input matches successfully against "LETMEWIN", then the flag is displayed to the user.

In order to supply some input to this program, we need it to read from stdin. This has a file descriptor of 1. Therefore, we need to supply the hexadecimal value of 0x1235, or the decimal value of 4661.

fd@pwnable:~$ ./fd 4661
LETMEWIN
good job :)
<-- FLAG OMITTED -->

Posted on May 30 by:

aibhstin profile

Aibhstin

@aibhstin

I'm an Ethical Hacking & Cybersecurity student and a Haskell programmer.

Discussion

markdown guide