Spooky Time

Exploitation

  • The binary gives the user two chances to input text before exiting, and after entry the text is displayed to the user.

    Only the first word (delimited by spaces) is read; if there are two words, the second word automatically becomes the input for the next prompt. Running strings on the binary shows %11s after the first prompt and %299s after the second prompt, which in C means the input should be padded with that many spaces if the input is shorter than the specified length.

    Pressing the Enter key does not terminate the input; the program seems to keep waiting for real input before continuing execution. There must be some way to break out of the normal flow of input and get the contents of the flag.txt file; that is the only thing that makes sense.

    Entering exit didn't do anything of interest, and neither did cat /flag. Adding 11 spaces before cat and 299 spaces before /flag didn't work either, nor did adding the spaces after the words.
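
The input behaviour observed above can be reproduced with the two conversion specifiers that strings revealed. This is an added example, not code from the challenge binary or the original write-up: the struct, the function name and the sample inputs are constructed, and sscanf over a string stands in for scanf on stdin. In the scanf family the number in %11s is a maximum field width, so at most 11 non-whitespace characters are stored and anything left over stays queued for the next read.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of the two prompts: only the conversion specifiers
 * "%11s" and "%299s" come from the strings output; the rest is assumed. */
struct reads {
    char first[12];   /* 11 characters + terminating NUL */
    char second[300]; /* 299 characters + terminating NUL */
    int  filled;      /* how many of the two reads got a word */
};

/* Run both conversions over `input` as if it had been typed on stdin.
 * sscanf stops at the end of the string where scanf would keep waiting. */
static struct reads simulate(const char *input)
{
    struct reads r;
    int used = 0;

    memset(&r, 0, sizeof r);
    /* %s skips leading whitespace (newlines included), then stores at
     * most 11 non-whitespace characters; %n records how far it got. */
    if (sscanf(input, "%11s%n", r.first, &used) == 1) {
        r.filled = 1;
        /* The second read resumes exactly where the first one stopped. */
        if (sscanf(input + used, "%299s", r.second) == 1)
            r.filled = 2;
    }
    return r;
}

int main(void)
{
    /* Constructed sample inputs mirroring the attempts described above. */
    const char *samples[] = {
        "hello world\n",            /* two words on one line */
        "\n\n\nhello\n",            /* Enter pressed before typing */
        "           cat /flag\n",   /* space padding in front */
        "AAAAAAAA" "AAAAAAAA\n",    /* 16 characters, longer than 11 */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct reads r = simulate(samples[i]);
        printf("filled=%d first=\"%s\" second=\"%s\"\n",
               r.filled, r.first, r.second);
    }
    return 0;
}
```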