question
```
Mommy! what is a file descriptor in Linux?

* try to play the wargame yourself but if you are ABSOLUTE beginner, follow this tutorial link: https://youtu.be/971eZhMHQQw

ssh fd@pwnable.kr -p2222 (pw:guest)
```
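The challenge asks us to log in to the server over SSH with ssh fd@pwnable.kr -p2222; the password is guest. Sometimes the login stops at the host identity verification step; in that case, add the option -o StrictHostKeyChecking=no (this skips SSH's host key check) to log in.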
fd.c
```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>   /* added: declares read() */
char buf[32];
int main(int argc, char* argv[], char* envp[]){
	if(argc<2){
		printf("pass argv[1] a number\n");
		return 0;
	}
	/* the descriptor number is derived from user input */
	int fd = atoi( argv[1] ) - 0x1234;
	int len = 0;
	len = read(fd, buf, 32);
	if(!strcmp("LETMEWIN\n", buf)){
		printf("good job :)\n");
		system("/bin/cat flag");
		exit(0);
	}
	printf("learn about Linux file IO\n");
	return 0;
}
```
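analysis
When the fd executable runs, it computes the value of the variable fd and passes it as the first argument to read.
The read function reads from the file descriptor it is given, and three descriptor numbers are standard:
* fd 0: standard input
* fd 1: standard output
* fd 2: standard error

So here we need fd to be 0 and then type the string LETMEWIN, which read stores in buf. The comparison strcmp("LETMEWIN\n", buf) then returns 0, so the call to system runs and we can see the flag.
Therefore atoi(argv[1]) must equal 0x1234, which is 4660 in decimal.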
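The descriptor logic analysed above, as an added example (not part of the original write-up or the challenge's own code). It reuses the atoi(argv[1]) - 0x1234 arithmetic and goes one step beyond the page by feeding the check through a pipe instead of the keyboard, which shows that the number is only an index to whatever the process has open, and that a number with nothing open makes read fail. The helper names fd_from_arg, check_fd and check_via_pipe are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Same arithmetic as fd.c: the descriptor is argv[1] minus 0x1234. */
static int fd_from_arg(const char *arg) {
    return atoi(arg) - 0x1234;
}

/* Mirrors the check in fd.c but reports the outcome:
 *  1 = input matched, 0 = read worked but no match, -1 = read failed. */
static int check_fd(int fd) {
    char buf[33] = {0};              /* spare byte keeps buf NUL-terminated */
    ssize_t len = read(fd, buf, 32);
    if (len < 0)
        return -1;                   /* EBADF: nothing is open at that number */
    return strcmp("LETMEWIN\n", buf) == 0;
}

/* Hypothetical helper: run the check against a pipe that already holds msg
 * (constructed input, small enough to fit in the pipe buffer). */
static int check_via_pipe(const char *msg) {
    int p[2];
    char arg[16];
    if (pipe(p) != 0)
        return -1;
    if (write(p[1], msg, strlen(msg)) < 0) {
        close(p[0]);
        close(p[1]);
        return -1;
    }
    close(p[1]);                     /* reader sees EOF after the message */
    /* Build the argument the way a user would: descriptor number + 0x1234. */
    snprintf(arg, sizeof arg, "%d", p[0] + 0x1234);
    int result = check_fd(fd_from_arg(arg));
    close(p[0]);
    return result;
}

int main(void) {
    printf("argument 4660 -> fd %d\n", fd_from_arg("4660"));
    printf("pipe holding LETMEWIN\\n: %d\n", check_via_pipe("LETMEWIN\n"));
    printf("pipe holding other text: %d\n", check_via_pipe("hello\n"));
    printf("argument 0 (fd -4660): %d\n", check_fd(fd_from_arg("0")));
    return 0;
}
```

When read fails in the original fd.c, buf stays empty and the program falls through to the "learn about Linux file IO" message, because the return value stored in len is never checked.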
get flag
```
fd@ubuntu:~$ ./fd 4660
LETMEWIN
good job :)
mommy! I think I know what a file descriptor is!!
```
flag:mommy! I think I know what a file descriptor is!!