Category: Pwn Points: 300 Solves: 53 Description:

h3y... can you leave me a note?

For this challenge we were given a binary and the libc used on the server. Up front I should say, I didn't solve this challenge the way it was intended. Other writeups out there will go over the proper way. This writeup goes over my way.

The Binary

Let's take a peek at the binary. First, verify the type:

 

$ file memo
memo: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=55dd2460edb641c16f624ddda467a6d4ddc8b14d, stripped

 

Strings had an interesting line in it: "this is hidden memo pad". We'll come back to that later. Giving it a run we see that it is menu driven:

 

$ ./memo 
What's user name: test
Do you wanna set password? (y/n) y
Password must be set to 32 digits or less.
Password: test
Done! have a good day test

1. Leave message on memo
2. Edit message last memo
3. View memo
4. Delete memo
5. Change password
6. Quit.
>>

 

Let's look at the options in turn.