Posts: 9 Threads: 0 Joined: N/A October 25, 2022 at 4:13 PM
Nice one, thanks!

Posts: 3 Threads: 0 Joined: N/A October 25, 2022 at 4:17 PM
thank you

Posts: 25 Threads: 0 Joined: N/A October 25, 2022 at 4:34 PM
In forensic, how do you guys execute the configure file?
I always get an error.

Posts: 56 Threads: 0 Joined: N/A October 25, 2022 at 4:47 PM
(October 25, 2022, 04:00 PM)n1c31c3 Wrote: (October 25, 2022, 03:57 PM)Meep Wrote: (October 25, 2022, 03:53 PM)karhu Wrote: (October 25, 2022, 02:29 PM)Meep Wrote:

Pwn day 4 is a string format exploit using %n to override something. Not working reading in on it.

Idk if it is, though. In main:

char local_154 [12];
char local_148 [312];
__isoc99_scanf("%299s", local_148);
printf(local_148);

So, it's taking 299 bytes from the local_148 buffer, which means that there should be a 13 byte overflow, right? Unless I'm completely off base, which has been known to happen.

Yeah, I'm kind of stuck too. I've read some articles on turning a format vuln into shellcode execution. But the layout seems kinda off. What is certain is that the flag is not referenced in the code. But that also got me thinking: what if the flag contents have been passed as program arguments when running the application? Perhaps that's what they want to achieve. Anyway, I'm stuck, and someone solved it in like 10 minutes, which is really fast.

Well, the first input takes exactly 11 chars; the 12th char overflows into the local_148 space. If you input AAAAAAAAAAB, the B will be directly printed with "better luck next time", skipping the 2nd input. Hope this leads to somewhere.

Yeah, I noticed this, but the first scanf takes the buffer from local_154 and not local_148. So, two different buffers.

Posts: 8 Threads: 0 Joined: N/A October 25, 2022 at 4:57 PM
(October 25, 2022, 01:05 PM)Hacker2222 Wrote: plz discuss day 4 challenges here
reversing challenge: ole

Posts: 45 Threads: 0 Joined: N/A October 25, 2022 at 5:18 PM
(October 25, 2022, 04:34 PM)keygen Wrote: In forensic, how do you guys execute the configure file?
I always get an error.

use nc <ip> <port>

Posts: 15 Threads: 0 Joined: N/A October 25, 2022 at 5:18 PM
goood

Posts: 11 Threads: 0 Joined: N/A October 25, 2022 at 5:20 PM
I was sure I was wrong about the RE because it was way too damn easy. Got that flag but apparently had an extra space in there, so I kept searching lmao

Posts: 20 Threads: 0 Joined: N/A October 25, 2022 at 5:35 PM
thanks

Posts: 7 Threads: 0 Joined: N/A October 25, 2022 at 5:35 PM
(October 25, 2022, 01:05 PM)Hacker2222 Wrote: plz discuss day 4 challenges here
reversing challenge: thx