반응형
b01lers CTF padlock Writeup
Description
Mindblown by ioccc? How can someone write programs like this... Anyway, try open this padlock :)
먼저 문제를 풀기 위해 quine.c 코드부터 확인해보자.
quine.c
#include/*firt*/<stdio.h>
#define/*ah*/ p/**/putchar
#define/*??*/ c/*cal*/char
#define/*to*/ Q(q)int*P,u\
/*why...*/=0, M[99999],*C\
=M,*S=M+293;c *Q=#q/*am*/\
,H[99999],*D= H;/*i*/int(\
main)(int*a,c **b){q;}/**/
/*quine*/Q(int*B=M+549;int/*ahhh*/l=strlen(b[1]);p(47);
p(47);for(;*Q;Q++){if(*Q==124)*C++=10;else/*haaa*/if(*Q
==126)*C++=32;else/*wtf_is_this*/if(*Q==33)*C++=34;else
/*woeira*/if(*Q>34)*C++=*Q;*D++=*Q==32?'\n':*Q;}for(int
u=-0;u<l*4;)p(-b[1][u/4]+S[u++]-S[u++]+(S[u++]^S[u++])?
88:79);p(10);/*weird___*/for(int*d=B;d<M+1280;)p(*d++);
printf("%s)",/*progra*/H+304);return/*UwU*/0**"^O{(u4X"
"z}e(tiIh.p+}Kj<&eb]0@sHecW^[.xroBCW=N3nG+r.]rGEs.UJw^"
"y'tn_Qv(y;Ed')#@q@xI1N:wH<X1aT)NtMvNlcY0;+x[cQ4j9>Qi2"
"#Yq&fR#os=ELTjS^/deJZ;EuY`#IQwKL)w<N<Zh,;W9X=&t0zX&E0"
"e<_3SVaLs(pXk6z-XGHTx8T/?-^`h[K0h}`dD6kX:vEeC,mI5fR9k"
"]{;yfO0Wg/1-Z^=WyUqN5XY1g25K1sJgKzfG.~~~~~~~~~~~~~~#i"
"nclude/*firt*/<stdio.h>|~~~~~~~~~~~#define/*ah*/~~~~~"
"~p/**/putchar|~~~~~~~~~#define/*??*/~~~~~~~~~c/*cal*/"
"char|~~~~~~~~#define/*to*/~~~~~~~~~~~Q(q)int*P,u\|~~~"
"~~~~~/*why...*/=0,~~~~~~~~~~~M[99999],*C\|~~~~~~~~=M,"
"*S=M+293;c~~~~~~~~~~~*Q=#q/*am*/\|~~~~~~~~,H[99999],*"
"D=~~~~~~~~~~~H;/*i*/int(\|~~~~~~~~main)(int*a,c~~~~~~"
"~~~~~**b){q;}/**/|/*quine*/Q(int*B=M+549;int/*ahhh*/l"
"=strlen(b[1]);p(47);|p(47);for(;*Q;Q++){if(*Q==124)*C"
"++=10;else/*haaa*/if(*Q|==126)*C++=32;else/*wtf_is_th"
"is*/if(*Q==33)*C++=34;else|/*woeira*/if(*Q>34)*C++=*Q"
";*D++=*Q==32?'\n':*Q;}for(int|u=-0;u<l*4;)p(-b[1][u/4"
"]+S[u++]-S[u++]+(S[u++]^S[u++])?|88:79);p(10);/*weird"
"___*/for(int*d=B;d<M+1280;)p(*d++);|printf(!%s)!,/*pr"
"ogra*/H+304);return/*UwU*//*quine*/Q(/*random_stuf*/")실행해보면 파라미터에 flag를 유추해서 넣었을 때 맞으면 O, 틀리면 X가 나온다. 그래서 bctf{ 를 넣으면 OOOOO가 나오는 프로그램이었다.
따라서 Blind SQL Injection 처럼 exploit 코드를 작성했다.
solution
exploit.py
import subprocess
flag = "bctf{"
for i in range(7,100):
for j in range(33,133):
file = "./test"
result = subprocess.run([file, flag+chr(j)], capture_output=True, text=True)
output_lines = result.stdout.splitlines()
for line in output_lines:
if line[-1] == "O":
flag = flag+chr(j)
print(flag)
else:
continue
728x90
'Reversing' 카테고리의 다른 글
| WolvCTF 2023 yowhatsthepassword Writeup (0) | 2023.03.20 |
|---|---|
| wolvctf2023 baby-re Writeup (0) | 2023.03.20 |
| KnightCTF 2023 Rev - Help Jimmy Writeup (0) | 2023.01.27 |
| Knight CTF 2022 Reversing Droid Flag Wrteup (0) | 2023.01.22 |
| KnightCTF 2022 Baby Shark writeup (0) | 2023.01.19 |
