제리의 블로그

pwnable.kr blukat 본문

Wargame/pwnable.kr

pwnable.kr blukat

j3rrry 2018. 8. 19. 17:11

blukat - 3 pt

 

Sometimes, pwnable is strange...
hint: if this challenge is hard, you are a skilled player.

ssh blukat@pwnable.kr -p2222 (pw: guest)


  
blukat@ubuntu:~$ ls -l
total 20
-r-xr-sr-x 1 root blukat_pwn 9144 Aug  8 06:44 blukat
-rw-r--r-- 1 root root        645 Aug  8 06:43 blukat.c
-rw-r----- 1 root blukat_pwn   33 Jan  6  2017 password
password 파일의 그룹 권한은 blukat_pwn

blukat@ubuntu:~$ cat password
cat: password: Permission denied

blukat@ubuntu:~$ id
uid=1104(blukat) gid=1104(blukat) groups=1104(blukat),1105(blukat_pwn)

blukat 유저가 속해있는 그룹으로 blukat_pwn 이 있다.

#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <fcntl.h>
char flag[100];
char password[100];
char* key = "3\rG[S/%\x1c\x1d#0?\rIS\x0f\x1c\x1d\x18;,4\x1b\x00\x1bp;5\x0b\x1b\x08\x45+";
void calc_flag(char* s){
        int i;
        for(i=0; i<strlen(s); i++){
                flag[i] = s[i] ^ key[i];
        }
        printf("%s\n", flag);
}
int main(){
        FILE* fp = fopen("/home/blukat/password", "r");
        fgets(password, 100, fp);
        char buf[100];
        printf("guess the password!\n");
        fgets(buf, 128, stdin);
        if(!strcmp(password, buf)){
                printf("congrats! here is your flag: ");
                calc_flag(password);
        }
        else{
                printf("wrong guess!\n");
                exit(0);
        }
        return 0;
}




blukat@ubuntu:~$ cat password | ./blukat
guess the password!
congrats! here is your flag: Pl3as_DonT_Miss_youR_GrouP_Perm!!




'Wargame > pwnable.kr' 카테고리의 다른 글

pwnable.kr echo1  (0) 2018.08.22
pwnable.kr horcruxes  (1) 2018.08.20
dragon - 75 pt  (0) 2018.06.21
simple login - 50 pt  (0) 2018.06.17
md5 calculator - 200 pt  (0) 2018.06.17
'Wargame/pwnable.kr' Related Articles more
Comments