
WriteUp : PWNABLE.kr Part 1 [fd]

Today I found a fun CTF training website, PWNABLE.kr. This CTF (capture the flag) has a lot of challenges with funny stories :v

I will start from part 1.

This is [fd]; here’s the question:

Mommy! what is a file descriptor in Linux?

* try to play the wargame your self but if you are ABSOLUTE beginner, follow this tutorial link: https://www.youtube.com/watch?v=blAxTfcW9VU

ssh fd@pwnable.kr -p2222 (pw:guest)

So fd means file descriptor. Let’s connect to that server via ssh.

[screenshot: sshconnect]

Let’s see what they have there.

[screenshot: ls-la]




There’s fd.c, fd (the binary built from fd.c), and flag, but we don’t have permission to open the flag file. Let’s look at the source of fd.c first.

[screenshot: fd_source]

This binary accepts an argument. The first argument is a number: int fd is atoi (ASCII to integer) of the first argument minus 0x1234. 0x1234 is hexadecimal; in decimal it is 4660. There is also an if with strcmp, which compares “LETMEWIN\n” with whatever is inside buf. The rules of strcmp are:

if Return value < 0 then it indicates str1 is less than str2.
if Return value > 0 then it indicates str2 is less than str1.
if Return value = 0 then it indicates str1 is equal to str2.

So we need to make the two strings equal to get 0. The easy way is to recompile the code and add some logging.

[screenshot: nganu]

[screenshot: loglogan]

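OK, so let’s run ./fd with argument 4660, 4661 or 4662. After subtracting 0x1234 these give fd 0, 1 or 2, which are standard input, standard output and standard error. The program will then wait for you to type something. Remember we need strcmp to return 0, so type the same string, LETMEWIN, and press Enter. See the result.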

[screenshot: result]

the flag is “mommy! I think I know what a file descriptor is!!”
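Why the argument decides where the input comes from, as an added example (this is not the challenge's fd.c, whose screenshot did not survive on this page). It assumes the program read()s up to 32 bytes from the computed descriptor into buf; `fd_from_arg`, `check_fd` and `try_input` are hypothetical names, and the pipe stands in for the terminal.

```c
/* Added example: models the logic the write-up describes; not pwnable.kr's fd.c. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define MAGIC 0x1234              /* 4660, the constant from the write-up */

/* The descriptor number the program ends up using for a given argv[1]. */
int fd_from_arg(const char *arg) {
    return atoi(arg) - MAGIC;
}

/* Assumption: the program read()s up to 32 bytes from that descriptor into buf.
 * Returns 1 on match, 0 on mismatch, -1 if the descriptor cannot be read. */
int check_fd(int fd) {
    char buf[33] = {0};           /* one spare byte keeps buf NUL-terminated */
    ssize_t n = read(fd, buf, 32);
    if (n < 0) return -1;         /* e.g. EBADF: nothing is open at that number */
    return strcmp("LETMEWIN\n", buf) == 0;
}

/* Constructed harness: feed `input` through a pipe and build the argument
 * that makes fd_from_arg() land on the pipe's read end. */
int try_input(const char *input) {
    int p[2];
    char arg[16];
    if (pipe(p) != 0) return -1;
    if (write(p[1], input, strlen(input)) < 0) return -1;
    close(p[1]);
    snprintf(arg, sizeof arg, "%d", p[0] + MAGIC);
    int r = check_fd(fd_from_arg(arg));
    close(p[0]);
    return r;
}

int main(int argc, char *argv[]) {
    if (argc < 2) { fprintf(stderr, "usage: %s <number>\n", argv[0]); return 2; }
    int fd = fd_from_arg(argv[1]);
    printf("argument %s selects fd %d\n", argv[1], fd);
    int r = check_fd(fd);
    puts(r == 1 ? "match" : r == 0 ? "no match" : "read failed");
    return r == 1 ? 0 : 1;
}
```

The comparison only succeeds when the trailing newline is present, which is why typing LETMEWIN and pressing Enter works: the terminal delivers the line with "\n" appended.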
