[TWCTF-2016: PWN] judgement Writeup


Guest post by Shak.

Challenge description:
Host : pwn1.chal.ctf.westerns.tokyo
Port : 31729

Let’s check the binary. The following function reads the flag from a local file on the server, so the binary itself will not reveal the flag, but examining it further might.

Next we can see the main function, which gets our input and compares it to the flag.

It also prints our input without a format string (line 15), which means we can use printf format specifiers to read data from the stack. First of all, let’s check whether this works by trying to print the second value from the stack as a string:

It works, but no luck there. I wrote a simple Python script that prints the first 300 values from the stack and searches for the flag:

And indeed we get it:
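
Added example, not part of the original writeup or the challenge binary: the bug class described above (input used as the format string) next to its fix, with a check that tells the two apart. The function names are hypothetical and `snprintf` stands in for the binary's print call so the result can be inspected.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the bug: user input is passed as the format
 * string itself, so printf-style directives inside it are interpreted.
 * Compilers flag this pattern; the warning is silenced only for the demo. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
int echo_vulnerable(char *out, size_t n, const char *input)
{
    return snprintf(out, n, input);        /* BUG: input controls the format */
}
#pragma GCC diagnostic pop

/* Hardened form: input is only ever data for a fixed "%s" format. */
int echo_fixed(char *out, size_t n, const char *input)
{
    return snprintf(out, n, "%s", input);
}

/* Returns 1 if the given echo function interprets directives in its input.
 * The probe "%%" consumes no arguments, so it is well-defined even for the
 * vulnerable version: interpreted it becomes "%", echoed as data it stays "%%". */
int interprets_format(int (*echo)(char *, size_t, const char *))
{
    char out[8];
    echo(out, sizeof out, "%%");
    return strcmp(out, "%") == 0;
}

int main(void)
{
    char out[32];

    /* With the fix, a positional directive comes back as plain text. */
    echo_fixed(out, sizeof out, "%2$s");
    printf("fixed echo: %s\n", out);

    printf("vulnerable interprets format: %d\n", interprets_format(echo_vulnerable));
    printf("fixed interprets format:      %d\n", interprets_format(echo_fixed));
    return 0;
}
```

Building without the pragmas and with `-Wformat -Wformat-security` makes GCC and Clang report the vulnerable call at compile time.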


