DownUnderCTF 2024 - pwn/yawa
We are given a binary with all protections turned on, and C source code.

```
[d@d-20tk001gus yaw]$ pwn checksec --file=yawa
[*] '/home/d/Downloads/DUCTF24/yaw/yawa'
    Arch:     amd64-64-little
    RELRO:    Full RELRO
    Stack:    Canary found
    NX:       NX enabled
    PIE:      PIE enabled
    RUNPATH:  b'.'
```

```c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

void init() {
    setvbuf(stdin, 0, 2, 0);
    setvbuf(stdout, 0, 2, 0);
}

int menu() {
    int choice;
    puts("1. Tell me your name");
    puts("2. Get a personalised greeting");
    printf("> ");
    scanf("%d", &choice);
    return choice;
}

int main() {
    init();

    char name[88];
    int choice;

    while(1) {
        choice = menu();
        if(choice == 1) {
            read(0, name, 0x88);
        } else if(choice == 2) {
            printf("Hello, %s\n", name);
        } else {
            break;
        }
    }
}
```

First, we need to leak out the canary....
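The root cause in the source above is that `name` is 88 bytes while `read` accepts 0x88 (136) bytes, and `read` never NUL-terminates, so `printf("%s")` keeps printing adjacent stack bytes until it meets a zero byte. The following is an added example, not part of the challenge or the original writeup, showing the read with both defects fixed; `read_name`, `NAME_SIZE` and `demo_stored_length` are hypothetical names, and the 0x88-byte input is constructed.

```c
#include <stddef.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define NAME_SIZE 88  /* same size as the challenge's name[88] */

/*
 * Hypothetical helper (not in the challenge source): read at most
 * cap - 1 bytes from fd into buf and always NUL-terminate.
 * Returns the number of bytes stored, or -1 on error.
 */
ssize_t read_name(int fd, char *buf, size_t cap)
{
    if (buf == NULL || cap == 0)
        return -1;
    ssize_t n = read(fd, buf, cap - 1);  /* bound comes from the buffer, not a literal */
    if (n < 0) {
        buf[0] = '\0';
        return -1;
    }
    buf[n] = '\0';  /* a later printf("%s") now stops inside the buffer */
    return n;
}

/* Constructed demo: offer 0x88 bytes through a pipe, as the original read() allowed. */
int demo_stored_length(void)
{
    int fds[2];
    char input[0x88];
    char name[NAME_SIZE];

    memset(input, 'A', sizeof input);
    if (pipe(fds) != 0)
        return -1;
    if (write(fds[1], input, sizeof input) != (ssize_t)sizeof input)
        return -1;
    close(fds[1]);
    ssize_t n = read_name(fds[0], name, sizeof name);
    close(fds[0]);
    /* The stored length and the printable string length must agree. */
    return (n == (ssize_t)strlen(name)) ? (int)n : -1;
}

int main(void)
{
    return demo_stored_length() == NAME_SIZE - 1 ? 0 : 1;
}
```

Passing `sizeof name` at the call site keeps the bound tied to the declaration, so a decimal/hex mix-up like `88` versus `0x88` cannot reappear.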