Pwnable.kr - fd

Challenge description:

Mommy! what is a file descriptor in Linux?

* try to play the wargame your self but if you are ABSOLUTE beginner, follow this tutorial link: https://youtu.be/971eZhMHQQw

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

char buf[32];
int main(int argc, char* argv[], char* envp[]){
	if(argc<2){
		printf("pass argv[1] a number\n");
		return 0;
	}
	int fd = atoi( argv[1] ) - 0x1234;
	int len = 0;
	len = read(fd, buf, 32);
	if(!strcmp("LETMEWIN\n", buf)){
		printf("good job :)\n");
		system("/bin/cat flag");
		exit(0);
	}
	printf("learn about Linux file IO\n");
	return 0;
}

This challenge takes one command line argument, converts the argument to an integer and subtracts 0x1234 from it. The result is used as a file descriptor to read from.

After that the binary reads 32 bytes from that file descriptor and compares it with the value LETMEWIN.

The trick here is to choose a file descriptor that we can control it’s content, what’s better that the standard input :)

The standard input file descriptor is 0.

So to solve this challenge we need an argument with the value 4660 (4660 = 0x1234) and finally write LETMEWIN to the standard input.

Solution:

fd@pwnable:~$ echo "LETMEWIN" | ./fd 4660
good job :)
mommy! I think I know what a file descriptor is!!

Flag: mommy! I think I know what a file descriptor is!!