0x0 Introduction
Feeling luuuuuuuucky?
You must create a flag.txt in the same folder as the binary for it to run.
nc ctf.b01lers.com 9203
Author: robotearthpizza
Difficulty: Easy
files: gambler_overflow
0x1 Mitigation
Arch: amd64-64-little
0x2 Vulnerability
The function sym.casino asks for a 4-byte string using gets, then compares it with a random string generated with sym.imp.rand().
If we enter the same string as the random one, we get a certain amount of money. If we have more than 1000 in balance, the program prints the flag.
│ ; var signed int64_t var_1ch @ rbp-0x1c
Because it uses gets, the input read into s2 can overflow into s1, so we can make s2 and s1 the same.
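The overflow described above, modelled next to a bounded read, as an added example that is not code from the challenge binary or this writeup. The 8-byte buffer sizes, the struct layout, the word "qzkw" and the helper names are assumptions made for the model.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of the stack frame: the input buffer sits directly
   below the random word. Sizes are assumptions, not read from the binary. */
struct frame {
    char s2[8];   /* player's guess (input buffer) */
    char s1[8];   /* random word the guess is compared against */
};

/* Models gets(): copies the whole line with no regard for sizeof s2.
   The copy is clamped to the frame only so the model stays well-defined. */
static void read_unbounded(struct frame *f, const char *line, size_t len) {
    if (len > sizeof *f) len = sizeof *f;
    memcpy((char *)f, line, len);
}

/* Hardened read: at most sizeof s2 - 1 bytes, always NUL-terminated,
   which is the bound fgets(s2, sizeof s2, stdin) enforces. */
static void read_bounded(struct frame *f, const char *line, size_t len) {
    size_t n = len < sizeof f->s2 - 1 ? len : sizeof f->s2 - 1;
    memcpy(f->s2, line, n);
    f->s2[n] = '\0';
}

/* Returns 1 if the guess equals the random word after reading `line`. */
int round_wins(int bounded, const char *line, size_t len) {
    struct frame f;
    memset(&f, 0, sizeof f);
    strcpy(f.s1, "qzkw");   /* constructed stand-in for the rand() word */
    if (bounded) read_bounded(&f, line, len);
    else read_unbounded(&f, line, len);
    return strcmp(f.s1, f.s2) == 0;
}

/* Constructed over-long line: 8 bytes fill s2, the rest lands in s1. */
static const char LONG_LINE[] = "aaaa\0\0\0\0aaaa";

int main(void) {
    printf("unbounded read wins: %d\n", round_wins(0, LONG_LINE, sizeof LONG_LINE));
    printf("bounded read wins:   %d\n", round_wins(1, LONG_LINE, sizeof LONG_LINE));
    printf("honest wrong guess:  %d\n", round_wins(1, "abcd", 4));
    return 0;
}
```

With the bounded read the comparison only succeeds when the guess really equals the random word, so the balance check can no longer be reached through the input length.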
0x3 Exploit
from pwn import *
0x4 Flag
forgot