easyctf-2017/doubly-dangerous/doubly_dangerous.c


//compile with:
//gcc -m32 -std=c99 -Wall -fno-stack-protector doubly_dangerous.c -o doubly_dangerous
//sol: input "A"*40+"\x00\x80\x34\x41"
#define _GNU_SOURCE
#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
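// Print the contents of "flag.txt" (resolved against the current working
// directory) to stdout, byte for byte.
//
// The file is opened first; afterwards the real, effective and saved group
// IDs are all set to the current effective group ID. If the file cannot be
// opened, a fixed error message is printed instead.
void give_flag() {
    FILE *f = fopen("flag.txt", "r");
    gid_t gid = getegid();

    // setresgid() can fail; report that instead of silently ignoring it.
    // The flag is still printed afterwards, exactly as before.
    if (setresgid(gid, gid, gid) != 0) {
        perror("setresgid");
    }

    if (f == NULL) {
        printf("Failed to open flag file!\n");
        return;
    }

    // fgetc() returns an int so that EOF is distinguishable from every byte
    // value. Storing the result in a plain char makes a 0xFF byte compare
    // equal to EOF where char is signed (truncated output) and makes EOF
    // unreachable where char is unsigned (endless loop).
    int c;
    while ((c = fgetc(f)) != EOF) {
        putchar(c);
    }
    fclose(f);
}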
// Challenge entry point: prompts for one line on stdin, reads it into a
// 64-byte stack buffer, and prints the flag only if `modified` equals 11.28125.
//
// NOTE(review): the program sets `modified` to 0 and never assigns it again,
// so the success branch cannot be reached by any input that fits in `buffer`.
// Together with the -fno-stack-protector flag in the build comment at the top
// of the file, the unbounded gets() call looks like a deliberately vulnerable
// training exercise. Do not reuse this input-handling pattern in real code.
//
// argc and argv are unused. There is no return statement; under C99 (the
// -std value in the build comment) reaching the end of main returns 0.
int main(int argc, char **argv){
// volatile makes the comparison below re-read the variable from memory
// instead of letting the compiler assume it still holds 0.
volatile float modified;
char buffer[64];
modified = 0;
printf("Give me a string: \n");
// gets() takes no length argument and does no bounds checking: a line longer
// than 63 bytes is written past the end of `buffer`, which is undefined
// behaviour. gets() was removed from the language in C11; the bounded
// equivalent is fgets(buffer, sizeof buffer, stdin).
gets(buffer);
// 11.28125 is a double constant, so `modified` is converted to double for the
// comparison. The value is exactly representable as a float, so == is exact.
if (modified == 11.28125) {
printf("Success! Here is your flag:\n");
give_flag();
}
else {
printf("nope!\n");
}
}