write-ups-challenges-2021-2022/buffer_buffet/part2/SOLUTION.md


2021-12-02 23:33:26 +00:00
## Difficulty
Medium, 50 points
## How to Solve
Again, the memory layout is the same as before: all values are strings, separated by a null separator. This time, memory holds the first user, followed by that user's password, then the second user, then the second user's password, and so on. The only difference is that the username the user enters (the one they want to log in with) is saved in the first 8 slots of memory.
The idea is to provide a username that is at least 8 characters long, followed by one extra character to overwrite the null separator, then the same username again, followed by another null separator, and then any sequence of characters. This last sequence overwrites the user's password, so we then enter it as the password and gain access to the account.
Example input:
```
admin: admin\0\0\0\0admin\0poopoo\0
password: poopoo
```
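The layout described above can be modelled in a few lines of C to show why the missing length check matters and what the fix looks like. This is an added example, not the challenge's own code: the function names, the 64-byte memory size and the stored passwords (`s3cret`, `guest`) are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#define SLOT 8        /* bytes reserved for the entered username (per the write-up) */
#define MEM_SIZE 64   /* assumed size of the toy memory */

/* Constructed layout: [8-byte input slot] \0 user \0 password \0 user \0 password \0 */
static void init_mem(unsigned char *mem) {
    static const char records[] = "admin\0s3cret\0guest\0guest";
    memset(mem, 0, MEM_SIZE);
    memcpy(mem + SLOT + 1, records, sizeof records);
}

/* Flawed store: trusts the input length, so bytes past the slot land on the records. */
static int store_unchecked(unsigned char *mem, const char *in, size_t len) {
    if (len > MEM_SIZE - 1) len = MEM_SIZE - 1;  /* keeps the demo itself in bounds */
    memcpy(mem, in, len);
    return 0;
}

/* Hardened store: reject any input that does not fit in the slot. */
static int store_checked(unsigned char *mem, const char *in, size_t len) {
    if (len > SLOT) return -1;
    memset(mem, 0, SLOT);
    memcpy(mem, in, len);
    return 0;
}

/* Look up the stored username in the records and compare its password. */
static int login(const unsigned char *mem, const char *password) {
    const char *user = (const char *)mem, *p = user + SLOT + 1, *end = user + MEM_SIZE;
    while (p < end && *p) {
        const char *name = p;
        const char *pass = name + strlen(name) + 1;
        if (pass >= end) break;
        if (strcmp(user, name) == 0) return strcmp(pass, password) == 0;
        p = pass + strlen(pass) + 1;
    }
    return 0;
}

int main(void) {
    unsigned char mem[MEM_SIZE];
    const char input[] = "admin\0\0\0\0admin\0poopoo";  /* example input from the write-up */
    init_mem(mem);
    store_unchecked(mem, input, sizeof input);
    printf("unchecked store: login=%d\n", login(mem, "poopoo"));
    init_mem(mem);
    printf("checked store: result=%d\n", store_checked(mem, input, sizeof input));
}
```

The hardened variant rejects over-long input outright rather than truncating it, so a rejected request never reaches the credential comparison.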
## Flag
IGCTF{BossLikesPineappleOnPizza}