This is the first challenge from Pwnable.kr which is also labelled as the easiest challenge , which is from the Toddler’s Bottle section

Moving futher , on clicking the fd challenge , we get prompted

We see that there is a message where a kid asks him mom about file descriptor in Linux, pretty clear what fd stands for now here

Also it has a command to connect to the challenge through SSH , so we connect through SSH

We got connected successfully using the creds given from the challenge page , so we can see its a linux box , checking the contents of the home directory of fd user

We can see three interesting file fd , fd.c and flag which is having the flag to the challenge. The fd is an ELF binary and fd.c is the C code on which the binary was created.

So we move onto checking the C code

We see that it first checked whether the user inputs two arguments including the filename at the beginning , if it doesn't then we get the message of passing an argument with the binary.

Also we see that the variable buf is assigned 32 characters as buffer

Then we see it has a variable fd which is assigned the value of

atoi( argv[1] ) — 0x1234

atoi() function converts ascii or string to integer

And one more variable len which has value 0

After that we see that len value’s changing to

read(fd, buf, 32)

Which puts the value of fd into the buf

Then there is a string compare function(strcmp) checking whether the string is not equal to “LETMEWIN\n” then it returns the message about learning Linux file I/O

So what is this all about?? First let me tell you in short about file descriptors

In Linux machine and C language , the Linux Descriptors have a value 0 for STDIN(Standard Input) , 1 for STDOUT(Standard Output), 2 for STDERR(Standard Error)

So if we look on man page of read()

So we see that all it does is read from a file descriptor , so here if we can put 0 into fd , then we will be able to give an input to the program.

First we try running the binary program

We see without giving an argument , we get a message for passing an argument , so I just put a random number as an argument and see

We get a message about learning linux file IO , so from the C code , we can see that all we had to do something is put a number which will get subtracted to 0x1234 and make it a result of Zero. So we use python for this as its not that complicated

We see the integer value for 0x1234 is 4660 , so we now pass this as an argument and see

We can see that it got hung and most probably waiting for an input , so we now just pass the string which was there in the strcmp() function and see if we can get the flag

We see that we get the message of good job followed by the flag , so we now copy and paste this on the challenge page to complete the challenge

So here we paste the flag and click on Auth

As I already pasted the flag before creating this writeup , so I got this message like above.

References

Hacker | Bug Hunter | Python Coder | Gamer | Reverse Engineering Lover

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store