pwnable.kr [Toddler's Bottle] -fd

最近由前辈推荐，去到http://pwnable.kr/ 开始人生中第一次正经的刷题。 Toddler's Bottle.... :(

Mommy! what is a file descriptor in Linux?

• try to play the wargame your self but if you are ABSOLUTE beginner, follow this tutorial link: https://www.youtube.com/watch?v=blAxTfcW9VU

ssh [email protected] -p2222 (pw:guest)

第一题fd主要是为了介绍玩法，源码如下

#include   
#include   
#include   
char buf[32];  
int main(int argc, char* argv[], char* envp[]){  
    if(argc<2){  
        printf("pass argv[1] a number\n");  
        return 0;  
    }  
    int fd = atoi( argv[1] ) - 0x1234;  
    int len = 0;  
    len = read(fd, buf, 32);  
    if(!strcmp("LETMEWIN\n", buf)){  
        printf("good job :)\n");  
        system("/bin/cat flag");  
        exit(0);  
    }  
    printf("learn about Linux file IO\n");  
    return 0;  
  
}  

输入参数必须大于等于2，argv[0]指向程序运行的全路径名，之后从argv[1]开始即为实际传入的参数。
File descriptor 0为stdin，0x1234=4660。

构造输入：

fd@ubuntu:~$ ./fd 4660  
LETMEWIN  
good job :)  
mommy! I think I know what a file descriptor is!!