picoctf/pwn/x_sixty_what/vuln.c

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

#define BUFFSIZE 64
#define FLAGSIZE 64

void flag() {
  char buf[FLAGSIZE];
  FILE *f = fopen("flag.txt","r");
  if (f == NULL) {
    printf("%s %s", "Please create 'flag.txt' in this directory with your",
                    "own debugging flag.\n");
    exit(0);
  }

  fgets(buf,FLAGSIZE,f);
  printf(buf);
}

void vuln(){
  char buf[BUFFSIZE];
  gets(buf);
}

int main(int argc, char **argv){

  setvbuf(stdout, NULL, _IONBF, 0);
  gid_t gid = getegid();
  setresgid(gid, gid, gid);
  puts("Welcome to 64-bit. Give me a string that gets you the flag: ");
  vuln();
  return 0;
}
pwn/x_sixty_what 2024-09-03 21:30:47 +02:00			`#include <stdio.h>`
			`#include <stdlib.h>`
			`#include <string.h>`
			`#include <unistd.h>`
			`#include <sys/types.h>`

			`#define BUFFSIZE 64`
			`#define FLAGSIZE 64`

			`void flag() {`
			`char buf[FLAGSIZE];`
			`FILE *f = fopen("flag.txt","r");`
			`if (f == NULL) {`
			`printf("%s %s", "Please create 'flag.txt' in this directory with your",`
			`"own debugging flag.\n");`
			`exit(0);`
			`}`

			`fgets(buf,FLAGSIZE,f);`
			`printf(buf);`
			`}`

			`void vuln(){`
			`char buf[BUFFSIZE];`
			`gets(buf);`
			`}`

			`int main(int argc, char **argv){`

			`setvbuf(stdout, NULL, _IONBF, 0);`
			`gid_t gid = getegid();`
			`setresgid(gid, gid, gid);`
			`puts("Welcome to 64-bit. Give me a string that gets you the flag: ");`
			`vuln();`
			`return 0;`
			`}`