fd
hint
Mommy! what is a file descriptor in Linux?
* try to play the wargame your self but if you are ABSOLUTE beginner, follow this tutorial link: https://youtu.be/971eZhMHQQw
ssh fd@pwnable.kr -p2222 (pw:guest)
|
连上去后,查看根目录以及.c文件;
fd@pwnable:~$ ls -la total 40 drwxr-x--- 5 root fd 4096 Oct 26 2016 . drwxr-xr-x 116 root root 4096 Nov 11 14:52 .. d--------- 2 root root 4096 Jun 12 2014 .bash_history -r-sr-x--- 1 fd_pwn fd 7322 Jun 11 2014 fd -rw-r--r-- 1 root root 418 Jun 11 2014 fd.c -r--r----- 1 fd_pwn root 50 Jun 11 2014 flag -rw------- 1 root root 128 Oct 26 2016 .gdb_history dr-xr-xr-x 2 root root 4096 Dec 19 2016 .irssi drwxr-xr-x 2 root root 4096 Oct 23 2016 .pwntools-cache
fd@pwnable:~$ cat fd.c #include <stdio.h> #include <stdlib.h> #include <string.h> char buf[32]; int main(int argc, char* argv[], char* envp[]){ if(argc<2){ printf("pass argv[1] a number\n"); return 0; } int fd = atoi( argv[1] ) - 0x1234; int len = 0; len = read(fd, buf, 32); if(!strcmp("LETMEWIN\n", buf)){ printf("good job :)\n"); system("/bin/cat flag"); exit(0); } printf("learn about Linux file IO\n"); return 0;
}
|
需要输入参数,使得read(fd, buf, 32)
读取"LETMEWIN"到buf上,需要使fd=0,即fd=0x1234=4660
fd@pwnable:~$ ./fd 4660 LETMEWIN good job :) mommy! I think I know what a file descriptor is!!
|
即可得到flag;