From fb61e5916e95369a769bbf2d52e9a558c2f8a4d4 Mon Sep 17 00:00:00 2001
From: Michael Barre <mbarre@artandcraftentertainment.com>
Date: Sat, 11 Mar 2017 03:19:47 -0600
Subject: [PATCH] added a integer overflow problem, included source and flag
 but neither of those should be provided to the user

---
 risky-business/casino         | Bin 0 -> 15224 bytes
 risky-business/description.md |   1 +
 risky-business/flag.txt       |   1 +
 risky-business/grader.py      |   4 ++
 risky-business/main.cpp       |  75 ++++++++++++++++++++++++++++++++++
 risky-business/problem.yml    |   9 ++++
 6 files changed, 90 insertions(+)
 create mode 100644 risky-business/casino
 create mode 100644 risky-business/description.md
 create mode 100644 risky-business/flag.txt
 create mode 100644 risky-business/grader.py
 create mode 100644 risky-business/main.cpp
 create mode 100644 risky-business/problem.yml

diff --git a/risky-business/casino b/risky-business/casino
new file mode 100644
index 0000000000000000000000000000000000000000..7cda6bedf991ed45d95b76d289f7b3f089f55449
GIT binary patch
literal 15224
zcmeHOe{@vUoxd}a5EK}Kg8W+L0ivKX%#aWxt#y(xFwp?nOi)DeWim5KMkX`anKzKI
z)j|X8j)-Qhb+K!Ev|U--?m4>d9uKQ-62K$av%3dcb*bIsVO_N|qHU}{NG+QEeDAyW
z<;|O!3ih;r?D6Kz``+*Oe!t)Qz4w0KefNFeH{b9zt+v~2Ocp!)8Y66Ys+W`WD`UM?
z92K-$b^-G;g<Z-ffKra1m$wkqYZ8tM)e=q=d=9`e{A%qwq1Nu@6$$@LCo>79g#@X;
z@!}O#9hS|}Q3)BWq(X9JYxYvY2)5<HGBOCI*-)-<oXjJ+iI;H{u#HzF91(^|D91-*
zqhG5SU#r~<jBqajwu)cJA@NdaeoG5e{gIg*1@!WYgtzNtCZUx3bI6gM=UOTSV~gmo
z)V$0R_Dd*+%a+BW?KRcQV&SE+XguA!w70fqX-%~&m2fTR<0k#YyJp=6-jke11sK^p
z9Y30KY9D@erE>inCqM0;e#7kh-)z5U*GoV8Ew#~7%5`I`(mvld-A1&z_>o_v9;&d<
z|MbHP7W-aln!bN>Lto>TXFx7mXdNyp(qe-##pq<eQiOkA3Hnz{=)b>&{<})h={76Y
z@0k+%Cza5%zJ#8CDWT`5nDAoraG(VJuS)1yR)RlP!p>)~z{UDiOVHoKxQg+AT!Ma2
ziGHIc_yZ;Q&z7*~SD1%s<dO5+ppmgz;G=R#@HdNnRHribAE=Q1JDgrg;_wm78|hIN
zv~j#r=y^=&>9Ocxxc^dGICS;ZbkEf=RqgCf#MP7*Olqpi)El>|Es@S>N{b{LV!>1@
zl45FO>smD&NeXi7+J;yn9%&7>$0B-L@s>>iEtYBw1vHN*)D=vsS~3{bK=1{ExcFMo
zP}LqxMMG*Lr6nW5?#5QN)vfvh*QzZytqW+^s%ogW*W>Xl*SWwHjdwN%s@1>>wbi5g
zd`#U0zS?LarGh0=-58H*t31A~oSulKe9fy{0*Qc1jL_E^(Xi)4&dDT9fW@Tqu*g%b
zTO92WT8d19ufgMMzKI&D)J6<oeNQCbod{z_)z02twI`BHCE~$YRO?f>y7_>j$&{}p
z%7;=NiHBpw#_@Y*wFZkz(`8I+t$A8Y8>+9CF|C&A#whgZ*3N0rD?+hEDx!<r6ws~{
z^OPv+C%)>AU^FK68+PZrLy@V?vpAqtg`#mjYw*TGXDl{jp;ma|3Kh%qhfEo!hWuEy
z_-`n%Tn$vgdy6bRytF!$NNd#X=TA>nB+(&f=bUEWSVX!v$dk<OaE{Z;7aV&?XDFnm
zXbbT$bwhkxG#<vjkxF+*XoCsKy#?D!Xp0)^+M?1@!nZ@cK{cpFdZQXk2IFB+h+S+y
z-9fC>nuZ3o%H?Kjni}gH)a9;fqqf|&f;DX1SXbYudR$dHdE-VfSG$&b%qVSycKqqk
z!OshJetIb5bgGvdH3zT?{78cS^wW?HCkP+*boo4QzM^ju1K(qyQL%xuU9`J_Pme~Y
z&<XR0f|i~Wy?{<C|7`F(AfxLe`JX+x1t-P{Y)J6`#pvI{;4=0Tfon@1z>(0-elFxk
z=e3a-w+>tWcoEMJI(~{HEN_#~1EPzgE2qy=+BmGhRXi#<u9)ch%yBYXY@(AcS==VN
z`TSUGqEjETcujOVgURAI(J^60X*SU>G^mViG|?xU=xruC7Q!f9Cc4w0GS*|FPc_kd
zO>|m&S$3G{(<Bk_uT6CG`C`CCzu3gT-$bXgtSpb3=rbe{@Cg&0&abjOWujjqiGT-9
zbn)uJTZc__@ruCd$4vBDCOyYZ^w}o5zyIBd{=MZNO;ebE_pnx;{Q<nl-~YnIBPJ$P
z$5y-nma#=|;yQJn7d67Wh$(k!3}w-4gp&*Aj&uB{gp=##hB^Kd!X1P^#qq<0)7_AJ
zl;h75PA-`n;P}&olPl(SaQsJvlMCj0IR1UY=`}0Y#_{hEPA->g=J*4IldI*t9KVNf
z-198w=J+=WCzs199N$hjxmvE0<4MBF#d3_}cM?vnl^gjCghlOyR}y}T<C_R4SIQmd
zcnjg=Lb+j%-$*#QPVOm=*Aq@IlY5loD+wo8$qjIPIpO3Axg8w8if~%$T#qhasj!X#
z;JkR=Ys{Ru!=HJ>-~Z-Fb8F+#;Zrlb%zyMy4+lr*UF2oiZ4mshW9qzB@T)U$hz<Uw
zBLM#XQKvui*4DWPNfo)lw9P}*Fm?*eySV<%M`+bMToNCo_6`1>zv2oGedd4ye`dsg
zD0_q7_M-p9XW9%y+a#%N>O8jjh~EE>>;Ls4g|YOs4G_%6F`=7ZEI$B}?E~J^5W@?$
zzyAi7E<gP($QjDsCxNl!n{(SC!-XHis4|D1?d<62$Q(QK&WTSl#}19oTXHyaJahQa
z8+O~_%&{fMcMnf}aCq0SR&kJA^mIAbxA_Pu2>5rtOW}vGe{b2M#WVvMU)D1`IEtAY
zqJ1};_;hS+kWTRa%+ahJ-TC+JJ_Xvd<bH!QFVP!*4hkBE34rfLj((e?I=esfDm9$Y
z`A7kwPoITy1v>P;9GraEQ1qfd^IzH5K{O25smsfLegk=752^bA=zxE(FB|q(>BG@#
zPka2CBZkJK*&*<p#)=V5n(-W|$($q=JJ3P)G~qj6pozI{e4dVB_N?>dHEdr48N<xi
z2<bA~t~R#~N<<&?lR)=g8gwdb@Vkb<C%?n8zE1W$ikhLepLokxfcJX#;EHW`FUZzn
zL3H=nyOu^hnJ?nhU5j9PZZ0l^2Mwi<n^o096=uLo3yN+YMw@}YI7Dx9*+pb1t@2PM
zF4<+!mciQW<1+hpw{g+`B<UY>>2H5k_YS>*FZa{BT2ATD?jT+jr2Y}xuHp1dbZBnb
zfEKHl0-rsYHHPrUCu3vJ!5Ef%1(&_MsmI;J-?(CM;!Np7Ltrr`tOY7{{>Kge>)HQ&
zRDSou!NrEiy=IYlQsi_x`!HsJ+p1L$wi)c3&FmvU_RjeJWJOrRZ@uydfS+~`?lfeU
zm}Q>lGI2x3c05zw2JAVyJ>{fes>*1perMAv_z+G{7?2EJv1%XumNN|G{*m7}<kI@&
zAI%;^AJWYw`wL(fZvHTuvt_uz&B?EYo8yUCnYrt1COz7J*I8To%AI$Oj*Vfbx@^d^
z5FW7*3Z6ZM&2Ny<A$ot$E(2}gCBB&q67LWVBKst5YMiL6+v__!$u~+HDfZvGTk3AE
z%Z$}+sB3N7x2R*Hg3WZ_(l}tCG4pX_=9Q);Z}DgIp-&yzTVR2I_j{V+`Gwqnn=<b-
zWj<a74P(>)+uwi0=D+TA`W<?3-?q8#_PWh=chspz2FCa64~}43=~*ux?R4Iya!Vu@
zN_0mQEukdRNhQ)7iltN0tq}#VeLm}m1v_0@ug3g{7hIX*JgJ^YC>o3@)V5OLTJrR0
zT@l3>O!YOiu2z=2J=ZD?hzi6LI%8|HPwAtcV(HKp1+NTBC*Bg2U?>zxrAk?GD+$CS
znzAjC)Vh>tYNc|y=(jl*L8w59#1Y_7x)R%z?sTY&dH`=a7FJ@>Eqrk85p5-jv~~rd
zCYVy<2~7zqTk%RBR^sXIc8IUU=8vwRBBd!1KzmOj71d}ug58O9Tw^SdNGAKPQD}_a
z39xO$Oa)<oEQY?RTTCR0MpMe=9=H1%xBioIjaPOn!45=D!o++f6ypV2qn;ZQ@y=vW
zOUHs*G!ai-BgPP)k8}N8$5%GOb~?=L`gm;Y?*T7|OTZj92d?)n;BA1{!0r0s&#i!W
z;%@jl;1ht40R9``zk}~(z~_Ol!tGNA7nlwj72Ea}X6voA&7E8^allqlNpw2bKXGPk
z>?&dqr8qzAK|ArE{0O%K^fPDWYUivQr%u{7aR<9$&R4Fgx_kktARf3s%VAsL=j%FW
z<sN&(lnHCmv1ktiUV-t|0W#VC_3?Hh+qO41af>S)6cTgjcI$SKEmuN*G3+RNezw=p
z;qP}i=GwR-;%Op2%-b(94`r`g_+GPfKC<^i{NBbs^ff?3SKqij)2SbfXNI}GS#PJY
zR-?TV?Gb9PcUInSuXoP6&*5__`^xH_i|;M>JKcLG_?@-=6>FW|q_eip>8^7wu6HWn
z1Ao19B3~z3PkLtQcP=T@%h;IhvPD-jwyFHAjir298#`>H>IoZ;(+}El0mp(xM<9O2
zw(Plb_N@Ky?Eg^CM$5{9JX{WjpV8&Z^5qPCIRpQ{XJDYx%Llj$FE><r1kMp$ut)G>
zg%mrZBIy(>qcT|sY;=m3*QN;kO`%`L8svA@xuTtp(^O=PYgBxPrTvx)JqxIO^w}6c
zIqbK42{pd?9xT^!8LK*O*KrwJdP~?xFZ@(y>45P)TGR<RWL;_FHMzHXMMXaEWbA9E
z;6FIY%WIO}BXDWAU+`TZpzI%yT|S;u7wYmjBXV5YF(UBqiFP6WM+fpdwzZ=gr*7wJ
z0dE$tL%^*9?h)`I0S^fHjDRl+_^N<!3;3~s6YvnHa*2Rf2v{TFY5{K+utUJD0`3v;
zAps8v$d#HdkM6NiNP4BRctbl5bZKP;!p-ibHEE7{?)KEU+|{n?B|4qXuQl!(_jM)>
zg;k0K*V?@W4Gx^KTZ_^iOe;z+W75yf${g@|>EHSE2~6Gx`Sc1_%zqrXtEAuM^IyQE
z|K`&#WYW*`>6486J)b_ADPleI=~LKKMb^W?oJM|0KL1oE_m6yfB^wd@N<Mv>kspyy
zzle?E_0w7$>|#d8LThp0lqL5mbDIOZhTNa>=?KpuOl2(&Hq*!tF}FFe3(2^DJ{`NH
z*njfrbJ)qEbnK$@+sv%I?%=2Ed@}9VW$b;tl;)SoKy9qhe%i0?SeFsYdeOd3bhqVs
z;SzM~bA-;lHhjl+FKk0?{J9a}^}_kw4m#<V&nJ?hvIjp~k#%_-^kU<Bn)A<P^m0x`
zKCcd;PWmSZ|KVqO(B2nx`8<@*hf?!42@N)Uxj$&}pV^#VIG<2o)XqiJ0lxIhd>+E6
z)N(zA{;-boPcQI8%8#J8IIG_#xt>Blybli=1y5b8U;QQci{&r;4d@q97nX9O1RXCQ
z;CC{LK2wp;(+AKm(PciFe5a&*FokpGUn(G2jQ$(0zi@w`IA1Y4y(Q=>=nG)at-?+z
z+gF1BTY^sU9&<SedNDg+E}>^Op9ixBy&eL68oo}-{Y@NSSdy<-A^*LgR~A{vhfC;Z
zeBPYwnMyBLRwq>cFZFAm!zhezF25#vkvx<MFig&snZF)%(nFCkb6L;%os2$1P>Jv>
zV`>RK`vw0QVJE%AQ#nwA|5OS3X1vc<!v1$H_C!H1X8&%`r(r&`f*)#mxvvEOffDph
zu$TI+UD&285Z8}N@L!ArY%zQ86?FRQU@kA0;C~x*@(1g9-xK^4Brz8!4z9)e{bmXJ
zcS_LT;dCdX?@LrDmO|xLzAi=138AEx($XCrE+k{9H#W4WO^tz8WGam(B&k}rioB9I
zr7Ef6gxVQPv<G8qSW6^RYB1f)5U}itMYKrRb?u7U6~&p<j%Ylp29wEPpNimMvX3F^
z)*Vs9>F(}6h?p=HoLU|$B`zq7Jxg4no*tfR(p0Oe(FE}Ut@fyt;GiMXi6{t#Mz`~z
zor-WK604AVlMYc3PjyF;m9eI2eSKXMMAGeQqpEJI=?r!w)e31g>gtxdwLaCiZWU!}
z@yU>Nq(iDczhLmMYBAKTU%fiuLt<53eUp!b@@%L43lo7SfiZQ}t?TO6Ha75qQ1Xn|
z%X2aGR0}<8<ebt?WU^18JkLL|ko826P%6z=0)~BlURq)H7iFgu)vM>X(K?A{WR_4q
z2_=Rlk_D+a0h+4uTotPf@@5LN&Mf`@zN9%lHST<qkt`j2(d?Z(HIzA{Hm-+%hNE#c
zor=IE$nxSTeQG$U1@&Yd-4DJ<QdVLADpCriSIZQrJg)O_I?8df$g1H~LhZu6M)`{4
zZYJ)|b569fXx(&O5AqQ;`l!J(;66WJOQf?|^_Y{e&MPPHyc5jwdgd#ywx?2ZJqenU
zwFEQIz`~~#{w0O4gPw<&r|Ue{2Syi5dn{CE&fm1Q{%Mjq^LpjeMb7z!QZMsV@ys_t
zk=sy&?kw8$3UWWaUQ^B+ZC8Kfq}n`F`Ka^K`_L>B^zzdO&&zWQZc^%pXa6x*s;^rM
zwgYNO9d^kY?zTv>hq>@2F5*HK;8HEvDX`9X+SQ(p;=c-_Vdf&NE12qHu5e!*`gEuz
z^_Hzjt;NGO4^h#UjKqQ@AZk4^jk)+9;X>8bnE;B!MO^8m0Hy?AGFPNaoDI6dP$DsC
zM}j22jz)Sk7309x!<FgB23?1&-x-1+Iu3S6Ly${o)FCM35iZ=I%!LC?Hx4EGN$C%}
z(t9}_k;Spgh(l4{1{E1k)v@vSVTmt91xGkTUdF3hg}fpe1(fGvN%o*(mX~oYO~_v^
z8B55o0v(?;6ViSe|JpAIwL%WZXI^A{RiJDgDiq_D@-j|#ToAGX;uy^5Ny^U>3T_5;
znB-+V?V#vT#*qa(*CFc!@4$~@xUzp4cl(|QM9VmXv|sW`xCQbQ6PCD)&z%zT1Jnr$
z*-v&#`-w({;wH2vQeMXKdPLycPfRGXe<?4=zYA?7Ur$UZGTwJk$a{rilBd{^RsKHE
z$p6SbD)KwP=oB57@qHcB`;v8n8T`!hGJdE~<{b+EmaJF#wNlh2d=R)<Ud9=pnyNEO
zdxe-`zr??5k(cp_VIjXj4onEhex>{mEb=mL`KAaY$@stIr@1zl9|AGozw-TmM9BY`
z8coGIo_|7{SzgAI<o}J`Zjz;{wf`ZDyo{HQ&eR28_?-S<vdGK0>ht6*D1IFnSBpCK
z3$)NulW$XzaV+_NXx90*j{ldCp{0`YGEO^sDQO$`R~;+FKR^T7B;}2G?q#}!wLdF9
z3O0Ffl7#$@GEvCO{|A(AB<1C}_Cv<pzl;x$&LeGw_DXpPZ4frg8*yZXi?fqDFs@Qg
z!V4|(GA?*h$WJ#U^@@~}WcvRkq8alyzl}G&t8ifaU#E^SCdd+HGerMxgQ8cYe6@uR
zc3vc$2F&PNv=O*vxsF^W8AY1~<#Q+ZPQk)~GGE91;s&PWsKQT<U+$mOT&({t5#ana
LJseHN+W-FnDf=ts

literal 0
HcmV?d00001

diff --git a/risky-business/description.md b/risky-business/description.md
new file mode 100644
index 0000000..e0285df
--- /dev/null
+++ b/risky-business/description.md
@@ -0,0 +1 @@
+We wanted to branch into the casino business, but human employees are too expensive so we decided to automate it. I feel like we missed something obvious though... Oh well! Here's the binary: [casino](casino) (MZ SHELL SERVER THING)
\ No newline at end of file
diff --git a/risky-business/flag.txt b/risky-business/flag.txt
new file mode 100644
index 0000000..a32695c
--- /dev/null
+++ b/risky-business/flag.txt
@@ -0,0 +1 @@
+easyctf{m4by3_w3_c0u1d_h4v3_d0n3_th47_b3t7er}
\ No newline at end of file
diff --git a/risky-business/grader.py b/risky-business/grader.py
new file mode 100644
index 0000000..3b92c76
--- /dev/null
+++ b/risky-business/grader.py
@@ -0,0 +1,4 @@
+def grade(autogen, key):
+    if key.find("m4by3_w3_c0u1d_h4v3_d0n3_th47_b3t7er") != -1:
+        return True, "Correct!"
+    return False, "Nope!"
diff --git a/risky-business/main.cpp b/risky-business/main.cpp
new file mode 100644
index 0000000..aba1945
--- /dev/null
+++ b/risky-business/main.cpp
@@ -0,0 +1,75 @@
+#include <iostream>
+#include <fstream>
+#include <sstream>
+#include <stdlib.h>
+
+
+bool gamble()
+{
+	if (rand() % 5 == 0)
+	{
+		return true;
+	}
+	return false;
+}
+
+void printflag()
+{
+	std::cout << "Welcome to our exclusive club!" << std::endl;
+	std::ifstream flagI("flag.txt");
+	std::string flag;
+	getline(flagI, flag);
+	flagI.close();
+	std::cout << "Here's our special flag: " << flag << std::endl;
+}
+
+
+int networth = 100000;
+int main()
+{
+	std::cout << "Welcome to the EasyCTF 2017 Casino" << std::endl;
+	std::cout << "Try your luck and gain access to our exclusive club!" << std::endl;
+	while (true)
+	{
+		std::cout << std::endl;
+		std::cout << "Your net worth is: $" << networth << std::endl;
+		if (networth > 2000000000)
+		{
+			printflag();
+			break;
+		}
+		std::cout << "Please enter how much you would like to bet:" << std::endl;
+		std::string tmp;
+		getline(std::cin, tmp);
+		std::stringstream s(tmp);
+		int inp;
+		s >> inp;
+		if (!s.eof() || s.fail())
+		{
+			std::cout << "That was not a valid number :(";
+			continue;
+		}
+		if (inp <= 0)
+		{
+			std::cout << "You must bet a positive amount" << std::endl;
+			continue;
+		}
+		if (inp > 100000000)
+		{
+			std::cout << "Sorry, the most we can allow you to bet is $100,000,000" << std::endl;
+			continue;
+		}
+		if (!gamble())
+		{
+			std::cout << "Sorry, I'm afraid you've lost :(" << std::endl;
+			networth -= inp;
+		}
+		else
+		{
+			std::cout << "Congratulations, you won!" << std::endl;
+			networth += inp;
+		}
+
+	}
+	return 0;
+}
\ No newline at end of file
diff --git a/risky-business/problem.yml b/risky-business/problem.yml
new file mode 100644
index 0000000..b9f93b6
--- /dev/null
+++ b/risky-business/problem.yml
@@ -0,0 +1,9 @@
+author: GenericNickname
+title: Risky Business
+hint: I wonder how you could make a lot of money...
+category: Binary Exploitation
+autogen: false
+programming: false
+value: 100
+files:
+  - casino