Again, smashing the keyboard doesn't work. Sadly. Let's check out the protections:
Same thing again: Ghidra decompilation time.
Again, gets() shows a clear buffer overflow vulnerability. Among other functions there is a flag() function.
So, calling flag() returns the flag. Unsurprisingly.
We'll be using the buffer overflow vulnerability to redirect code execution to the flag() function. Some experimenting shows a padding of 40 bytes is needed to overwrite RIP.
Flag: csictf{ch4lleng1ng_th3_v3ry_l4ws_0f_phys1cs}
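The fix for the gets() overflow described above, as an added example that is not part of the original write-up or the challenge binary: a bounded line reader that rejects and drains overlong input instead of writing past the buffer. BUF_CAP, read_line_bounded and demo_read are hypothetical names, and the 32-byte buffer size is an assumption, since the write-up gives only the 40-byte offset.

```c
#define _POSIX_C_SOURCE 200809L   /* for fmemopen(), used only by the demo helper */
#include <stdio.h>
#include <string.h>

#define BUF_CAP 32   /* assumed size; the write-up gives only the 40-byte offset */

/* Read one line into buf (cap bytes including the NUL), as a bounded
 * replacement for gets(). Returns the line length, or -1 on EOF/error or when
 * the line does not fit. An overlong line is drained to its newline so the
 * excess bytes are not picked up by the next read. */
static long read_line_bounded(FILE *in, char *buf, size_t cap)
{
    if (cap == 0 || fgets(buf, (int)cap, in) == NULL)
        return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {   /* whole line fit */
        buf[len - 1] = '\0';
        return (long)(len - 1);
    }
    int c = fgetc(in);                        /* what follows the stored bytes? */
    if (c == EOF || c == '\n')                /* line fit exactly, or last line */
        return (long)len;
    while (c != '\n' && c != EOF)             /* too long: discard the rest */
        c = fgetc(in);
    buf[0] = '\0';
    return -1;
}

/* Hypothetical demo helper: run a constructed input string through the reader. */
static long demo_read(const char *input, char *buf, size_t cap)
{
    FILE *f = fmemopen((void *)input, strlen(input), "r");
    if (f == NULL)
        return -2;
    long r = read_line_bounded(f, buf, cap);
    fclose(f);
    return r;
}

int main(void)
{
    char buf[BUF_CAP], big[50];
    memset(big, 'A', 48);                     /* constructed: longer than 40 bytes */
    big[48] = '\n';
    big[49] = '\0';
    printf("short line -> %ld\n", demo_read("hello\n", buf, sizeof buf));
    printf("long line  -> %ld\n", demo_read(big, buf, sizeof buf));
    return 0;
}
```

With input handled this way, bytes beyond the buffer never reach the saved return address, so the 40-byte offset no longer leads anywhere.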