Spooky Time
Exploitation
The binary gives the user two chances to input text before exiting, and after entry the text is displayed to the user. Only the first word (divided by spaces) is read; if there are two words, the second word automatically becomes the input for the next prompt.

Running `strings` on the binary shows `%11s` after the first prompt and `%299s` after the second prompt, which in C means the input should be padded with that many spaces if the input is shorter than the specified length.

Pressing the `Enter` key will not terminate the input; it seems to still just wait for real input before continuing execution. There must be some way to break out of the normal flow of input and get the `flag.txt` file's contents; that is the only thing that makes sense.

`exit` didn't do anything of interest, and neither did `cat /flag`. Adding 11 spaces before `cat` and 299 spaces before `/flag` didn't work either, and neither did adding the spaces after the words.
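What `scanf` does with these two conversions accounts for the behaviour observed above; the following is an added example, not code from the challenge binary. In `scanf`, `%11s` skips leading whitespace (newlines included), stores at most 11 non-whitespace characters, and leaves the rest buffered for the next read. The `two_prompts` helper, the struct and the sample inputs are constructed here, with `sscanf` over a string standing in for stdin.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model of the two prompts: buffer sizes and formats follow
   the %11s and %299s strings found in the binary (assumed to be scanf
   formats); `stream` stands in for everything typed on stdin. */
struct reads { char first[12]; char second[300]; int got; };

static struct reads two_prompts(const char *stream)
{
    struct reads r = { "", "", 0 };
    int used = 0;

    /* %11s: skip leading whitespace, store at most 11 characters, stop at
       the next whitespace. %n records how much of the stream was consumed. */
    if (sscanf(stream, "%11s%n", r.first, &used) == 1) {
        r.got = 1;
        /* The second prompt continues where the first one stopped. */
        if (sscanf(stream + used, "%299s", r.second) == 1)
            r.got = 2;
    }
    return r;   /* got == 0: only whitespace so far; real scanf keeps waiting */
}

int main(void)
{
    /* Constructed inputs: two words, padded words, Enter only, a long word. */
    const char *samples[] = {
        "cat /flag\n",
        "\n\n           cat\n   /flag\n",
        "\n\n\n",
        "AAAAAAAAAAAAAAAA\n",            /* 16 characters, no spaces */
    };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        struct reads r = two_prompts(samples[i]);
        printf("reads=%d first=\"%s\" second=\"%s\"\n", r.got, r.first, r.second);
    }
    return 0;
}
```

The 16-character sample shows the width acting as a cap: the first read keeps 11 characters and the remaining 5 are delivered to the second prompt.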