two-sum
Author: Mubarak Mikail | 100 points
Description
Can you solve this?
What two positive numbers can make this possible: n1 > n1 + n2 OR n2 > n1 + n2
Enter them here nc saturn.picoctf.net 57334
. Source
Solution
For this challenge we are given a simple mathematical problem and told to find a solution for n1 and n2. We are also given the source code in C, as shown below.
If you didn't known any better you would start thinking of numbers to enter into the program to make the mathematical problem work. However, this is not a math problem, it is a binary exploitation problem.
If you know anything about the security of C, then you know it is prone to being exploited due to it's low level interactions with memory and system resources. In this instance we can see that n1 and n2 are defined as integers, and taking a hint from the source code 'checking' for integer overflow, we can exploit the program.
A signed integer in C is 4 bytes or 32 bits. 32 bits can represent 2^23 values (4,294,967,296). Since our program uses signed integers, these values represent integers -2,147,483,648 to 2,147,483,647. We take advantage of these limitations below by exceeding the integer ceiling and causing an integer overflow.
Flag
The flag after executing the integer overflow is picoCTF{Tw0_Sum_Integer_Bu773R_0v3rfl0w_fe14e9e9}
Last updated