Coder who wrote this code was not happy with his salary hike and left the company without
handing over the source. We could manage to get the binary file somehow, can you help us
find the secret. Use nc 18.104.22.168 8060 to connect to server.
Let’s run the file using ltrace:
$ ltrace ./drunk_coder
__libc_start_main(0x804865b, 1, 0xffb1f984, 0x8048810 <unfinished ...>setbuf(0xf76c5d60, 0) = <void>puts("How many bytes you want to read "...How many bytes you want to read from file
) = 42
__isoc99_scanf(0x80488ba, 0xffb1f88c, 0xc10000, 01234567890
) = 1
printf("Reading %d bytes\n", 1234567890Reading 1234567890 bytes
) = 25
puts("You will be banned if you brutef"...You will be banned if you bruteforce...
) = 40
time(0) = 1499196786
sleep(36) = 0
, "1234567890\n", 1234567890) = 11
atoi(0xffb1f8ac, 0xffb1f8ac, 0x499602d2, 0) = 0x499602d2
puts("Sorry Password in file is wrong"Sorry Password in file is wrong
) = 32
+++ exited (status 0) +++
The binary asks for number of bytes to read and then we are asked for an input after a brief sleep().
Let’s observe the disassembly and understand the ltrace calls.
The following things happen:
Now, first we are asked for the length of input, and then our input is converted to integer.