Favorite Color
60 points Medium

What's your favorite color? Would you like to share with me? Run the command: ssh [email protected] -p 1001 (pw: guest) to tell me!

Flag
Rating 4.70

Discussion

I tested it on my local machine. But buf is ABOVE good. So with a buffer overflow I cannot get to an address below the starting point. What am I missing?

1
Protected
0

I overthought it. Great challenge

0

How did you do it? I tried with GDB, but after modifying registers I am getting a shell with the same privileges as without GDB.

0

Me too! That's my favorite color too!
You get a shell! Flag is in flag.txt
$ cat ./flag.txt
cat: ./flag.txt: Permission denied

Is there any current possible solution to this problem? It seems to me that the 'color' application is running without the required permissions to open the flag.txt file.

0

Nice challenge! Also, if someone is getting "sh: 1: Cannot fork", I suggest you type 'ps aux' and check if there are some older shells left running (then just type 'kill PID' to terminate the process and be able to run your exploit).

1
Protected
0
Protected
0

creative

0

How is it possible to get anything other than 0 out of good &= buf[i] ^ buf[i]; ? XOR of 2 same characters is always 0 and 0 XOR 0 is always 0.

0

That is the point. You can't, so you have to bypass the check.

1

This is where I got stuck. You can't bypass it. Get around the check and find a way to go directly to the system command.

1
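
The check quoted in the discussion, shown beside a corrected comparison. This is an added example, not the challenge's source code: only the line good &= buf[i] ^ buf[i]; comes from the thread, while the function names, the initial value of good, the loop bounds and the EXPECTED string are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed placeholder value, not the challenge's real answer. */
#define EXPECTED "example-color"

/* The comparison as quoted in the thread. Each byte is XORed with itself,
 * so every term is 0, and AND-ing 0 into `good` clears it. For any
 * len >= 1 the function returns 0, whatever the input is. */
static int check_as_quoted(const char *buf, size_t len)
{
    int good = 1;                      /* assumed initial value */
    for (size_t i = 0; i < len; i++)
        good &= buf[i] ^ buf[i];       /* line from the discussion */
    return good;
}

/* Corrected form: XOR each input byte with the expected byte and OR the
 * differences together, so the result is 1 only when every byte matches.
 * The length is checked first so the loop never reads past either string. */
static int check_fixed(const char *buf, size_t len)
{
    size_t exp_len = strlen(EXPECTED);
    unsigned char diff = 0;

    if (len != exp_len)
        return 0;
    for (size_t i = 0; i < exp_len; i++)
        diff |= (unsigned char)(buf[i] ^ EXPECTED[i]);
    return diff == 0;
}

int main(void)
{
    const char *inputs[] = { EXPECTED, "blue", "example-colour" };

    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        size_t n = strlen(inputs[i]);
        printf("%-16s quoted=%d fixed=%d\n", inputs[i],
               check_as_quoted(inputs[i], n), check_fixed(inputs[i], n));
    }
    return 0;
}
```
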