Category: Pwn Points: 300 Solves: 53 Description:

h3y... can you leave me a note?

For this challenge we were given a binary and the libc used on the server. Up front I should say, I didn't solve this challenge the way it was intended. Other writeups out there will go over the proper way. This writeup goes over my way.

The Binary

Let's take a peek at the binary. First, verify the type:


$ file memo
memo: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/, for GNU/Linux 2.6.32, BuildID[sha1]=55dd2460edb641c16f624ddda467a6d4ddc8b14d, stripped


Strings had an interesting line in it: "this is hidden memo pad". We'll come back to that later. Giving it a run we see that it is menu driven:


$ ./memo 
What's user name: test
Do you wanna set password? (y/n) y
Password must be set to 32 digits or less.
Password: test
Done! have a good day test

1. Leave message on memo
2. Edit message last memo
3. View memo
4. Delete memo
5. Change password
6. Quit.


Let's look at the options in turn.