PicoCTF - two-sum
Background
BoF
Source code
:::spoiler
#include <stdio.h>
#include <stdlib.h>
static int addIntOvf(int result, int a, int b) {
result = a + b;
if(a > 0 && b > 0 && result < 0)
return -1;
if(a < 0 && b < 0 && result > 0)
return -1;
return 0;
}
int main() {
int num1, num2, sum;
FILE *flag;
char c;
printf("n1 > n1 + n2 OR n2 > n1 + n2 \n");
fflush(stdout);
printf("What two positive numbers can make this possible: \n");
fflush(stdout);
if (scanf("%d", &num1) && scanf("%d", &num2)) {
printf("You entered %d and %d\n", num1, num2);
fflush(stdout);
sum = num1 + num2;
if (addIntOvf(sum, num1, num2) == 0) {
printf("No overflow\n");
fflush(stdout);
exit(0);
} else if (addIntOvf(sum, num1, num2) == -1) {
printf("You have an integer overflow\n");
fflush(stdout);
}
if (num1 > 0 || num2 > 0) {
flag = fopen("flag.txt","r");
if(flag == NULL){
printf("flag not found: please run this on the server\n");
fflush(stdout);
exit(0);
}
char buf[60];
fgets(buf, 59, flag);
printf("YOUR FLAG IS: %s\n", buf);
fflush(stdout);
exit(0);
}
}
return 0;
}
:::
Recon
以初學的角度來說還蠻有趣的,看了一下source code,顯然是要滿足addIntOvf()的條件,也就是輸入的兩個數都大於零,但相加小於零,==OR==,兩個數都小於零但相加卻大於零,我是用第一種啦,比較直觀,首先輸入兩個超大的數,但還落在int正數的範圍,這樣就可以滿足一開始都大於零的條件,接著相加就會落在int負數的地方,這樣就滿足第三個條件,我有再另外輸入一次,這次是$9999999999999999+9999999999999999=19999999999999998$,這個就落在int負數的地方,解析出來的結果是-545128450
Exploit
1 |
|