I'll be adding more challenges to this writeup as I do more, but basically pwnable.kr is a website which offers practice on binexp (binary exploitation / pwn) challenges. They have challenges based on different levels!

### First Challenge : FD

```
Mommy! what is a file descriptor in Linux?

* try to play the wargame your self but if you are ABSOLUTE beginner, follow this tutorial link:
https://youtu.be/971eZhMHQQw

ssh fd@pwnable.kr -p2222 (pw:guest)
```

Sounds fairly easy, so it's basically about file descriptors! Let's connect and take a look at the challenge:

```
fd@pwnable:~$ ls
fd  fd.c  flag
```

So we got three files: `fd` is our binary, `flag` contains our flag, and `fd.c` is the source code of `fd`.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>   /* needed for read() */

char buf[32];

int main(int argc, char* argv[], char* envp[]){
    if(argc<2){
        printf("pass argv[1] a number\n");
        return 0;
    }
    /* the descriptor number is derived from user input */
    int fd = atoi( argv[1] ) - 0x1234;
    int len = 0;
    /* read up to 32 bytes from that descriptor into buf */
    len = read(fd, buf, 32);
    if(!strcmp("LETMEWIN\n", buf)){
        printf("good job :)\n");
        system("/bin/cat flag");
        exit(0);
    }
    printf("learn about Linux file IO\n");
    return 0;
}
```

Let's break down the source code to understand what it does. It takes one argument as input, and then we have `int fd = atoi(argv[1]) - 0x1234`, which means the input we give is converted to an int and `0x1234` is subtracted from it to get the file descriptor. Then comes `read(fd, buf, 32)`, which reads up to 32 bytes from that descriptor into `buf`, a buffer of 32 characters.

So let's get back to school. We have 3 standard file descriptors:

```
stdin  with int value (0)
stdout with int value (1)
stderr with int value (2)
```

So the first thing I do is find the int value of `0x1234`, which is being subtracted from `argv[1]`:

```python
└──╼ $python3
Python 3.9.2 (default, Feb 28 2021, 17:03:44)
[GCC 10.2.1 20210110] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> 0x1234
4660
```

Okay, so `0x1234` = `4660`. Whatever input we put in has `0x1234` subtracted from it, and the result is used as the file descriptor to read `buf` from. The program then checks whether `buf` is equal to `LETMEWIN\n` (the newline comes from pressing Enter). If it is, it gives us the flag; if not, we can't read the flag and it prints `learn about Linux file IO`. Basically we have to make `argv[1] - 0x1234 = 0` so that stdin is the descriptor being read, and then we are able to type the contents of `buf` ourselves:

```bash
fd@pwnable:~$ ./fd 4660
LETMEWIN
good job :)
mommy! I think I know what a file descriptor is!!
```

FLAG : `mommy! I think I know what a file descriptor is!!`

----

### WILL CONTINUE WHEN I DO THE NEXT CHALLENGE
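The descriptor arithmetic from the FD challenge, as an added example (not part of `fd.c` or the original writeup): it repeats the `atoi(argv[1]) - 0x1234` computation, checks the return value of `read()`, which `fd.c` stores but never inspects, and uses a pipe as a constructed stand-in for stdin. The helper names `fd_from_arg`, `check_fd` and `fd_with_input` are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Same arithmetic as fd.c: the descriptor number comes from argv[1]. */
static int fd_from_arg(const char *arg) {
    return atoi(arg) - 0x1234;
}

/* The fd.c comparison on an explicit descriptor, with read() checked:
 * 1 = buffer matches, 0 = mismatch, -1 = read() failed (e.g. EBADF). */
static int check_fd(int fd) {
    char buf[32] = {0};
    ssize_t len = read(fd, buf, sizeof(buf) - 1); /* keep a trailing NUL */
    if (len < 0)
        return -1;
    return strcmp("LETMEWIN\n", buf) == 0;
}

/* Constructed stand-in for typing on stdin: put `input` in a pipe and
 * return the read end. Returns -1 on failure. */
static int fd_with_input(const char *input) {
    int p[2];
    size_t n = strlen(input);
    if (pipe(p) != 0)
        return -1;
    if (write(p[1], input, n) != (ssize_t)n) {
        close(p[0]);
        close(p[1]);
        return -1;
    }
    close(p[1]);
    return p[0];
}

int main(void) {
    const char *args[] = {"4660", "4661", "4662", "abc"}; /* constructed inputs */
    for (size_t i = 0; i < sizeof(args) / sizeof(args[0]); i++)
        printf("argv[1]=%-4s -> fd %d\n", args[i], fd_from_arg(args[i]));

    int fd = fd_with_input("LETMEWIN\n");
    printf("pipe with LETMEWIN\\n -> %d\n", check_fd(fd));
    close(fd);
    printf("invalid descriptor   -> %d\n", check_fd(fd_from_arg("abc")));
    return 0;
}
```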