Tutorial [pwn]

Before we start, practice time!

Pwn - 300 points

Walkthrough

We start by connecting to the provided server:

┌── 👽AKUMA 🥷 ➤➤ 🌐10.10.0.12
├──[ ~/Desktop/CTF/hackerroyale]
└─ ⚔ nc 83.136.251.7 56503

This presents us with multiple questions, which we can answer to get the flag.

This is a simple questionnaire to get started with the basics.

◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉
◉                                                                                           ◉
◉  C/C++ provides two macros named INT_MAX and INT_MIN that represent the integer limits.   ◉
◉                                                                                           ◉
◉  INT_MAX = 2147483647                  (for 32-bit Integers)                              ◉
◉  INT_MAX = 9,223,372,036,854,775,807   (for 64-bit Integers)                              ◉
◉                                                                                           ◉
◉  INT_MIN = –2147483648                 (for 32-bit Integers)                              ◉
◉  INT_MIN = –9,223,372,036,854,775,808  (for 64-bit Integers)                              ◉
◉                                                                                           ◉
◉  When this limit is passed, C will proceed with an 'unusual' behavior. For example, if we ◉
◉  add INT_MAX + 1, the result will NOT be 2147483648 as expected, but something else.      ◉
◉                                                                                           ◉
◉  The result will be a negative number and not just a random negative number, but INT_MIN. ◉
◉                                                                                           ◉
◉  This 'odd' behavior, is called Integer Overflow.                                         ◉
◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉

[*] Question number 0x1:

Is it possible to get a negative result when adding 2 positive numbers in C? (y/n)

>> y

♠ ♠ ♠ ♠ ♠ ♠ ♠ ♠ ♠ ♠ ♠
♠                   ♠
♠      Correct      ♠
♠                   ♠
♠ ♠ ♠ ♠ ♠ ♠ ♠ ♠ ♠ ♠ ♠

[*] Question number 0x2:

What's the MAX 32-bit Integer value in C?

>> 2147483647

♠ ♠ ♠ ♠ ♠ ♠ ♠ ♠ ♠ ♠ ♠
♠                   ♠
♠      Correct      ♠
♠                   ♠
♠ ♠ ♠ ♠ ♠ ♠ ♠ ♠ ♠ ♠ ♠

[*] Question number 0x3:

What number would you get if you add INT_MAX and 1?

>> -2147483648

♠ ♠ ♠ ♠ ♠ ♠ ♠ ♠ ♠ ♠ ♠
♠                   ♠
♠      Correct      ♠
♠                   ♠
♠ ♠ ♠ ♠ ♠ ♠ ♠ ♠ ♠ ♠ ♠

[*] Question number 0x4:

What number would you get if you add INT_MAX and INT_MAX?

>> -2

♠ ♠ ♠ ♠ ♠ ♠ ♠ ♠ ♠ ♠ ♠
♠                   ♠
♠      Correct      ♠
♠                   ♠
♠ ♠ ♠ ♠ ♠ ♠ ♠ ♠ ♠ ♠ ♠

[*] Question number 0x5:

What's the name of this bug? (e.g. buffer overflow)


>> Integer Overflow

♠ ♠ ♠ ♠ ♠ ♠ ♠ ♠ ♠ ♠ ♠
♠                   ♠
♠      Correct      ♠
♠                   ♠
♠ ♠ ♠ ♠ ♠ ♠ ♠ ♠ ♠ ♠ ♠

[*] Question number 0x6:

What's the MIN 32-bit Integer value in C? 

>> -2147483648

♠ ♠ ♠ ♠ ♠ ♠ ♠ ♠ ♠ ♠ ♠
♠                   ♠
♠      Correct      ♠
♠                   ♠
♠ ♠ ♠ ♠ ♠ ♠ ♠ ♠ ♠ ♠ ♠

[*] Question number 0x7:

What's the number you can add to INT_MAX to get the number -2147482312?

>> 1337

HTB{gg_3z_th4nk5_f0r_th3_tut0r14l}
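
The arithmetic behind answers 0x3, 0x4 and 0x7, as an added example that is not part of the original walkthrough or the challenge's own code. The helper names are made up for illustration. In standard C, signed overflow is undefined behaviour, so the wrap the questionnaire describes is computed here in unsigned arithmetic, and `checked_add` shows the defensive check that rejects the addition instead.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Reinterpret a 32-bit pattern as signed without implementation-defined casts. */
static int32_t to_i32(uint32_t u)
{
    if (u <= (uint32_t)INT32_MAX)
        return (int32_t)u;
    return (int32_t)(u - (uint32_t)INT32_MAX - 1u) + INT32_MIN;
}

/* a + b as a 32-bit two's-complement machine computes it. Signed overflow is
 * undefined behaviour in C, so the sum is done in unsigned arithmetic, which
 * is defined to wrap modulo 2^32. */
static int32_t wrap_add(int32_t a, int32_t b)
{
    return to_i32((uint32_t)a + (uint32_t)b);
}

/* The x for which wrap_add(a, x) == target (the shape of question 0x7). */
static int32_t addend_for(int32_t a, int32_t target)
{
    return to_i32((uint32_t)target - (uint32_t)a);
}

/* Defensive form: reject the addition instead of letting it wrap. */
static bool checked_add(int32_t a, int32_t b, int32_t *out)
{
    if ((b > 0 && a > INT32_MAX - b) || (b < 0 && a < INT32_MIN - b))
        return false;
    *out = a + b;
    return true;
}

int main(void)
{
    int32_t r = 0;
    printf("0x3: INT_MAX + 1       = %d\n", (int)wrap_add(INT32_MAX, 1));
    printf("0x4: INT_MAX + INT_MAX = %d\n", (int)wrap_add(INT32_MAX, INT32_MAX));
    printf("0x7: addend            = %d\n", (int)addend_for(INT32_MAX, -2147482312));
    printf("checked INT_MAX + 1    : %s\n",
           checked_add(INT32_MAX, 1, &r) ? "ok" : "overflow rejected");
    return 0;
}
```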
