Pwnable.kr Writeup — fd
This is the first challenge from Pwnable.kr which is also labelled as the easiest challenge , which is from the Toddler’s Bottle section
Moving futher , on clicking the fd challenge , we get prompted
We see that there is a message where a kid asks him mom about file descriptor in Linux, pretty clear what fd stands for now here
Also it has a command to connect to the challenge through SSH , so we connect through SSH
We got connected successfully using the creds given from the challenge page , so we can see its a linux box , checking the contents of the home directory of fd user
We can see three interesting file fd , fd.c and flag which is having the flag to the challenge. The fd is an ELF binary and fd.c is the C code on which the binary was created.
So we move onto checking the C code
We see that it first checked whether the user inputs two arguments including the filename at the beginning , if it doesn't then we get the message of passing an argument with the binary.
Also we see that the variable buf is assigned 32 characters as buffer
Then we see it has a variable fd which is assigned the value of
atoi( argv ) — 0x1234
atoi() function converts ascii or string to integer
And one more variable len which has value 0
After that we see that len value’s changing to
read(fd, buf, 32)
Which puts the value of fd into the buf
Then there is a string compare function(strcmp) checking whether the string is not equal to “LETMEWIN\n” then it returns the message about learning Linux file I/O
So what is this all about?? First let me tell you in short about file descriptors
In Linux machine and C language , the Linux Descriptors have a value 0 for STDIN(Standard Input) , 1 for STDOUT(Standard Output), 2 for STDERR(Standard Error)
So if we look on man page of read()
So we see that all it does is read from a file descriptor , so here if we can put 0 into fd , then we will be able to give an input to the program.
First we try running the binary program
We see without giving an argument , we get a message for passing an argument , so I just put a random number as an argument and see
We get a message about learning linux file IO , so from the C code , we can see that all we had to do something is put a number which will get subtracted to 0x1234 and make it a result of Zero. So we use python for this as its not that complicated
We see the integer value for 0x1234 is 4660 , so we now pass this as an argument and see
We can see that it got hung and most probably waiting for an input , so we now just pass the string which was there in the strcmp() function and see if we can get the flag
We see that we get the message of good job followed by the flag , so we now copy and paste this on the challenge page to complete the challenge
So here we paste the flag and click on Auth
As I already pasted the flag before creating this writeup , so I got this message like above.
In Unix and related computer operating systems, a file descriptor ( FD, less frequently fildes) is an abstract…
C library function - atoi()
The C library function int atoi(const char *str) converts the string argument str to an integer (type int). Following…