🔟Binary Exploitation

For this part, I will make another part for explanation of binary exploitation and other overflow exploitation.

Breaking the bank

Let download the source code given. Analise the source code.

1. Look at line 67, it compares new_balance with ori_balance.

2. To get the flag, new_balance must be more than ori_balance.

3. To get new_balance, it use simple calculation where it asked user to input amount for withdrawal then it subtract with ori_balance without any filter.

4. No filter mean we can exploit using negative value.

5. Why negative value, the operation will read negative value as addition.

   Example: 2 – (-2) = 4.

Let put negative value to input.

FLAG : FSECSS{1nputValid4tionisimp0rtant}

Rock, Paper, Scissors

Download the file and analysis the source code.

From above, on line 76 it appear to be random value.

Oh wow, interesting part, strstr, means it will compare all the strings with using substrings. That means, if we put rocksandy and computer is rock. We will win. Because using substring, it will find any string the similar to compare one. That why we win since rock is substring of rocksandy

In main function, user need to choose either to play or exit the game.

Next it will compare the user choice using if else selection.

Let play the game and win it 100%.. they payload using in this challenge are

rockpaperscissors

After put the payload and successfully winning 5 time 100% winning. We got the flag

FLAG : FSECSS{5caryCfunct1ons}