pwnable.kr:mistake

Posted    on 2017, Jul29, Saturday 23:22:13
Modified on 2017, Jul29, Saturday 23:22:18

Tags: pwnable.kr

Challenge

We all make mistakes, let’s move on.
(don’t take this too seriously, no fancy hacking skill is required at all)

This task is based on real event
Thanks to dhmonkey

hint : operator priority

ssh mistake@pwnable.kr -p2222 (pw:guest)

1. Analysis

Looking at mistake.c, this statement stands out:

if(fd=open("/home/mistake/password",O_RDONLY,0400) < 0){
    printf("can't open password %d\n", fd);
    return 0;
}

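Because the less-than operator has higher precedence than assignment, the expression is parsed as fd = (open(...) < 0). open() succeeds, so the comparison is false and fd is always 0. That means pw_buf and pw_buf2 are both read from standard input, so passing the check is very easy.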
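Added example (not part of the original post or of mistake.c): the buggy check next to a parenthesised version, showing the value fd ends up with when the file exists and when it does not. The function names and the two sample paths are assumptions made for the illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* The warning is silenced only so this deliberately buggy form builds
 * cleanly; without the pragma, gcc/clang -Wall (-Wparentheses) flag it. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wparentheses"
/* Same shape as the check in mistake.c: parsed as fd = (open(...) < 0). */
int open_buggy(const char *path)
{
    int fd;
    if (fd = open(path, O_RDONLY) < 0) {
        return fd;      /* open failed: fd holds 1, not -1 */
    }
    return fd;          /* open succeeded: fd holds 0 (stdin), real fd leaked */
}
#pragma GCC diagnostic pop

/* Hardened form: parenthesise the assignment, then compare. */
int open_fixed(const char *path)
{
    int fd;
    if ((fd = open(path, O_RDONLY)) < 0) {
        return -1;
    }
    return fd;          /* a real descriptor for path */
}

int main(void)
{
    /* Constructed inputs: /dev/null exists, the second path does not. */
    const char *ok = "/dev/null", *missing = "/nonexistent/password";
    int fd = open_fixed(ok);

    printf("buggy, file present: fd=%d\n", open_buggy(ok));
    printf("buggy, file missing: fd=%d\n", open_buggy(missing));
    printf("fixed, file present: fd=%d\n", fd);
    printf("fixed, file missing: fd=%d\n", open_fixed(missing));
    if (fd >= 0)
        close(fd);
    return 0;
}
```

The buggy form never stores the descriptor that open() returned, so every later read(fd, ...) targets descriptor 0 and the opened file is never closed.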

2. Solution

First enter 0123456789, then run the following in Python:

for i in range(0, 10):
    print(chr(ord(str(i)) ^ 1))

This shows that pw_buf2 should be 1032547698.

After that, you get the flag.

Appendix

Attachment: mistake.zip