Today, I found a funny CTF training website: PWNABLE.kr. This CTF (capture the flag) has a lot of challenges with funny stories :v
I will start from part 1.
This is [fd]; here's the question:
Mommy! what is a file descriptor in Linux?
* try to play the wargame your self but if you are ABSOLUTE beginner, follow this tutorial link: https://www.youtube.com/watch?v=blAxTfcW9VU
ssh email@example.com -p2222 (pw:guest)
So, fd means file descriptor. OK, let's connect to that server via ssh.
Let's see what they have there.
There's fd.c, fd (the binary built from fd.c), and flag, but we don't have permission to open the flag file. Let's look at the source of fd.c first.
This binary accepts arguments. The first argument is a number: int fd is atoi (ASCII to integer) of the first argument minus 0x1234. 0x1234 is hexadecimal; in decimal it is 4660. There is also an if with strcmp, which compares "LETMEWIN\n" with whatever is inside buf. The rules of strcmp are:
if Return value < 0 then it indicates str1 is less than str2.
if Return value > 0 then it indicates str2 is less than str1.
if Return value = 0 then it indicates str1 is equal to str2.
So, we need to make the two strings equal to get 0. The easy way is to compile the code again and add some logs.
OK, so let's run ./fd with argument 4660, 4661 or 4662, which makes fd 0, 1 or 2. It will then wait for your input; remember we need the value 0, so input the same string, LETMEWIN. See the result.
the flag is “mommy! I think I know what a file descriptor is!!”
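
The check described above, as an added example (a sketch written for this walkthrough, not the challenge's fd.c). The names fd_from_arg, check_fd and FD_OFFSET and the 32-byte buffer are assumptions; it shows how the argument selects the descriptor and what happens when that descriptor is not open.

```c
/* Added example: models the check described in the write-up. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define FD_OFFSET 0x1234          /* 4660 decimal, as stated in the write-up */
#define EXPECTED  "LETMEWIN\n"

/* Map the command-line argument to the descriptor the program reads from. */
int fd_from_arg(const char *arg)
{
    return atoi(arg) - FD_OFFSET;
}

/*
 * Read one chunk from fd and compare it with EXPECTED.
 * Returns 1 on match, 0 on mismatch, -1 if read() fails (errno is set,
 * e.g. EBADF when fd is not an open descriptor).
 */
int check_fd(int fd)
{
    char buf[32] = {0};                           /* size is an assumption */
    ssize_t n = read(fd, buf, sizeof(buf) - 1);   /* keep a trailing NUL */
    if (n < 0)
        return -1;
    return strcmp(EXPECTED, buf) == 0;
}

int main(int argc, char *argv[])
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s <number>\n", argv[0]);
        return 2;
    }
    int fd = fd_from_arg(argv[1]);
    int r = check_fd(fd);
    if (r < 0) {
        perror("read");
        return 1;
    }
    printf("fd=%d -> %s\n", fd, r ? "match" : "no match");
    return 0;
}
```

When the program is started from an interactive terminal, descriptors 0, 1 and 2 normally all refer to the same tty, which is why 4661 and 4662 accept typed input just like 4660. Any other number gives a descriptor that is not open, so read() fails with EBADF and the comparison never sees the input.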