Binary Gauntlet 0
This series of problems has to do with binary protections and how they affect exploiting a very simple program. How far can you make it in the gauntlet? gauntlet nc mercury.picoctf.net 37752
Decompile the binary using Ghidra.
main function:
sigsegv_handler function:
As you can see, if the program crashes the flag will be printed. We can cause a crash by overflowing local_88 when local_10 is copied into it by the strcpy function. We control local_10. So send one a for the first fgets and then send more than 108 a's for the second fgets, so that those 108+ a's get copied into a variable with a size of 108 and thus overflow it and cause a crash.
9595dc79e46ae416c5383d858afbb624
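Added example (not part of the original write-up or the challenge binary): the unchecked strcpy into a 108-byte buffer described above, beside a length-checked copy that rejects oversized input instead of overflowing. The names copy_unchecked, copy_checked and try_len, and the 1000-byte input limit, are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>

#define DEST_SIZE 108   /* destination size given in the write-up */
#define INPUT_MAX 1000  /* assumed input limit; not stated on the page */

/* Vulnerable pattern: strcpy copies up to the NUL terminator and never
 * consults the destination size, so 108 or more characters write past dest. */
void copy_unchecked(char *dest, const char *src) {
    strcpy(dest, src);
}

/* Hardened form: refuse input that does not fit together with its NUL,
 * rather than truncating silently. Returns 0 on success, -1 on rejection. */
int copy_checked(char *dest, size_t dest_size, const char *src) {
    size_t n = strlen(src);
    if (dest_size == 0 || n >= dest_size)
        return -1;
    memcpy(dest, src, n + 1);   /* n + 1 includes the terminator */
    return 0;
}

/* Builds a constructed input of `len` 'a' characters and runs it through
 * the checked copy into a 108-byte buffer. */
int try_len(size_t len) {
    char src[INPUT_MAX];
    char dest[DEST_SIZE];
    if (len >= sizeof src)
        return -1;
    memset(src, 'a', len);
    src[len] = '\0';
    return copy_checked(dest, sizeof dest, src);
}

int main(void) {
    size_t lens[] = {1, 107, 108, 200};
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("%zu chars -> %s\n", lens[i],
               try_len(lens[i]) == 0 ? "copied" : "rejected");
    return 0;
}
```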