Toddler's Bottle - fd
- User is required to provide a argv.
- A calculation is made to get fd.
- Read action: read 32 bytes from fd into buf.
- You get the flag if buf == LETMEWIN\n
What's is fd?
- fd == 0 is stdin
- fd == 1 is stdout
- fd == 2 is stderr
code:
char buf[32];
int main(int argc, char* argv[], char* envp[]){
if(argc<2){
printf("pass argv[1] a number\n");
return 0;
}
int fd = atoi( argv[1] ) - 0x1234;
int len = 0;
len = read(fd, buf, 32);
if(!strcmp("LETMEWIN\n", buf)){
printf("good job :)\n");
system("/bin/cat flag");
exit(0);
}
printf("learn about Linux file IO\n");
return 0;
}
Solution:
Make fd 0, so argv should be 0x1234(4660 in decimal)
fd@ubuntu:~$ ./fd 4660
LETMEWIN
good job :)
mommy! I think I know what a file descriptor is!!
OR
echo "LETMEWIN" | ./fd 4660
good job :)
mommy! I think I know what a file descriptor is!!