```python
HOST = "127.0.0.1"
PORT = 1337  # change to the port the service is bound to
```
```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
```
```
heap:
0x603010 -> name buffer (0x80)
0x603090 -> pwd buffer (0x80)
```
(CTF challenge, binary exploitation / reverse‑engineering)

1. Overview

| Category | Service | Difficulty | Points |
|----------|---------|------------|--------|
| Binary / Reversing | tokyohot – n0541 | Medium‑Hard | 452 |
There is a hidden detail: the program copies the password from the stack buffer into the heap password field using strcpy:
```c
users[0].name = name;
users[0].pwd = pwd;
puts("Registered!");
```
```c
/* Prints the flag only when the logged_in flag is set. */
void show_secret(void)
{
    if (logged_in)
        system("/bin/cat /home/ctf/flag.txt");
    else
        puts("You must be logged in first!");
}
```
Tokyohot N0541 -