What's your favorite color? Would you like to share with me? Run the command: ssh [email protected] -p 1001 (pw: guest) to tell me!
8 months ago
I've got to admit that thekidofarcrania gives the best opportunities to learn new things!
1 year ago
I had some weird issues with the server yesterday. I got the shell, but when I entered the command to show the flag, I just got a segmentation fault. Tried it today, and everything worked fine (executed the same commands as yesterday).
If you think you've got your solution, try it outside of GDB! (Learnt this the hard way ...)
2 years ago
I tested it on my local machine. But buf is ABOVE good. So with a buffer overflow I cannot get to an address below the starting point. What am I missing?
Maybe you don't need to alter the "good" variable.
3 years ago
The challenge is interesting
Nice challenge! Also, if someone is getting "sh: 1: Cannot fork", I suggest you type 'ps aux' and check if there are some older shells left running (then just type 'kill PID' to terminate the process and be able to run your exploit).
How is it possible to get anything other than 0 out of good &= buf[i] ^ buf[i];? XOR of 2 same characters is always 0 and 0 XOR 0 is always 0.
That is the point. You can't, so you have to bypass the check.
This is where I got stuck. You can't bypass it. Get around the check and find a way to go directly to the system command.
Hmm ... I always get that:
Enter your favorite color: Me too! That's my favorite color too!
You get a shell! Flag is in flag.txt
Segmentation fault (core dumped)
It seems the process does not have enough privilege to call system() and a shell is not spawned. That is why it goes to the normal path and crashes with segfault when the stack is restored. You might want to revisit the permissions on the guest user.
I have got the same problem :/
I got the same output, and it took me way too long to overcome this error, but it is not a problem with the CTF. It is possible to get a shell. If you get this error, you missed something.
I know what the problem is: you have got the shell, but your input has reached EOF, so the shell will exit immediately. For example, if you type something like "./color < payload", input will stop since it has reached EOF. In order to fix this, try "(cat payload -) | ./color"; this command will not make the shell exit immediately, because input continues from the payload to stdin. Hope it helps you all. I wasted 2 hours, man, figuring out what the problem was.
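The stdin behaviour described in the last comment, as an added example that is not part of the original thread or the challenge's code: `stand_in` is a hypothetical function that reads one line and then starts a shell on the same stdin, and the sample input is constructed.

```shell
#!/bin/sh
# Hypothetical stand-in for a program that reads one line of input and then
# starts a shell on the same stdin. It is not the challenge binary.
stand_in() {
    IFS= read -r _color    # consumes only the first line of stdin
    sh                     # child shell inherits whatever stdin is left
}

# Case 1: stdin is a file that holds only the first line (constructed input).
# The child shell hits EOF at once and exits without running anything.
run_with_redirect() {
    tmp=$(mktemp) || return 1
    printf 'blue\n' > "$tmp"
    stand_in < "$tmp"
    rm -f "$tmp"
}

# Case 2: more input follows the first line on the same pipe.
# Interactively, "(cat payload -)" achieves this by copying the terminal to
# the pipe after the file; here a constructed command line takes the place
# of the terminal so the demonstration runs unattended.
run_with_more_input() {
    tmp=$(mktemp) || return 1
    printf 'blue\n' > "$tmp"
    { cat "$tmp"; printf 'echo shell-still-reading\n'; } | stand_in
    rm -f "$tmp"
}

echo "redirect from file:  [$(run_with_redirect)]"
echo "file plus more input: [$(run_with_more_input)]"
```
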