We get a binary (elf to be exact), which, as previously, performs a password check and returns if the password was correct or not,

We expect the password to be the flag.

The code is something like:

int main() {
    printf("Enter the password: ");
    if (fgets(&password, 255, stdin)) {
        if (check_password(password)) {
          puts("Incorrect password!");
        } else {
          puts("Nice!");
        }
    }
}

We look at the check_password function. Simplified version (there were no function calls, all inlined):

bool check_password(char *password) {
    int buf[6];
    int reqired[6] = { 5, 2, 7, 2, 5, 6 };
    for (int i = 0; i <= 5; i++) {
        buf[i] = get_from_assoc(list, password[i]);
    }
    for (int i = 0; i <= 5; i++) {
        if (buf[i] != required[i]) {
            return true;
        }
    }
    return false;
}

Where list is a global variable - associative container containing:

{
    'm': 0,
    'n': 1,
    'o': 2,
    'p': 3,
    'q': 4,
    'r': 5,
    's': 6,
    't': 7,
    'u': 8,
    'v': 9,
    'w': 10,
    'x': 11,
    'y': 12,
    'z': 13
}

We used it to read the password - "******".

Flag:

温馨提示: 此处内容需要评论本文后刷新才能查看,支付2元即可直接查看所有Flag。

小广告:关于获取西普实验吧所有Writeup请点击这里查看索引

查看所有Flag需要付费,需要获取所有Flag的童鞋请访问这里成为付费用户,可以自助把自己的注册邮箱加入网站白名单,即可免回复看到本站所有Flag

Flag大全地址:所有Flag

PS:本站不是实验吧的官方站点,纯粹是个人博客,收取Flag费用仅是维持服务器费用,做站不易,且行窃珍惜,如果喜欢我的博客,愿意捐赠的,可以扫描下面的二维码

微信二维码:
支付宝二维码: