LoginSignup
0

More than 1 year has passed since last update.

posted at

updated at

Pwnable.kr-[fd] writeup

Mommy! what is a file descriptor in Linux?

ssh fd@pwnable.kr -p2222 (pw:guest)

fd@pwnable:~$ ls -l
total 16
-r-sr-x--- 1 fd_pwn fd   7322 Jun 11  2014 fd
-rw-r--r-- 1 root   root  418 Jun 11  2014 fd.c
-r--r----- 1 fd_pwn root   50 Jun 11  2014 flag
fd@pwnable:~$ cat fd.c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
char buf[32];
int main(int argc, char* argv[], char* envp[]){
    if(argc<2){
        printf("pass argv[1] a number\n");
        return 0;
    }
    int fd = atoi( argv[1] ) - 0x1234;
    int len = 0;
    len = read(fd, buf, 32);
    if(!strcmp("LETMEWIN\n", buf)){
        printf("good job :)\n");
        system("/bin/cat flag");
        exit(0);
    }
    printf("learn about Linux file IO\n");
    return 0;

}


ファイルディスクリプタ(fd)に関する問題です。
fdは接続したファイルや入出力に関する情報が入った変数で、0が標準入力、1が標準出力を指します。
なので、今回はargv[1]に 1+0x1234 を入力してその後LETMEWIN\nを入力すれば良いです。

fd@pwnable:~$ python3 -c "print(1+0x1234)" | xargs ./fd
LETMEWIN
good job :)
mommy! I think I know what a file descriptor is!!

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
What you can do with signing up
0