USCCTF2024 Pwn Portal

Description

Can you use the portals to get to the right place?

You are provided with a 32-bit executable:

    └─$ file portal
    portal: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, BuildID[sha1]=2777afda2049624cbbecde55650e58f347efcd29, for GNU/Linux 3.2.0, not stripped

Using checksec on this binary reveals that there are no security defenses enabled:

    [*] '/home/kali/ctf/uscctf2024/pwn/portal/portal'
        Arch:     i386-32-little
        RELRO:    No RELRO
        Stack:    No canary found
        NX:       NX unknown - GNU_STACK missing
        PIE:      No PIE (0x8048000)
        Stack:    Executable
        RWX:      Has RWX segments
        Stripped: No

This is a straightforward “return-to-win” challenge. Upon inspecting the binary with objdump, you can see that the function win is the goal: ...

November 15, 2024 · Joon Kim

BuckeyeCTF 2024 - Binary Exploitation

Beginner pwn: First challenge

    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>

    int main() {
        char command[110] = "cowsay \"";
        char message[100];

        printf("Give me a message to say!\n");
        fflush(stdout);

        /* Reads up to 0x100 (256) bytes into the 100-byte message buffer. */
        fgets(message, 0x100, stdin);

        strncat(command, message, 98);
        strncat(command, "\"", 2);
        system(command);
    }

It has been a while since I have done any CTFs! So I struggled a little bit looking at the code and what it does. When I pass 109 A’s, it still runs the cowsay bin. When you pass in 113 A’s, the output starts to show a single ‘A’: ...

October 6, 2024 · Joon Kim