Description

Hello World, I've learned to code In C, a language that's quite bold It's my hope that it will be A secure foundation for me

With this new skill, I'll take flight And build applications that are tight No more bugs or errors to dread My future as a programmer ahead! Poem by ChatGPT

Solve

Connecting to the services ask for your name, and replies with theirs

Lets take a look at the source code.

This is a simple C program that does the following:

1. Declares a character array called "command" with a size of 16 and initializes it with the string whoami

2. Declares a character array called input_buf with a size of 8

3. Prints a message asking for the user's name

4. Reads up to 24 characters from the standard input (stdin) and stores it in the input_buf array

5. Prints a message saying Nice to meet you! My name is

6. Calls the system() function, which executes the command stored in the command array (i.e., whoami) and displays the output.

The whoami command is used to display the current user's username. When this program is run, it will ask for the user's name, read the input, and then display the current user's username.

The call to the read() function is using a fixed size buffer of 8 characters to read user input. However, the program is allowing the user to enter up to 24 characters.

If a user enters more than 8 characters, it could result in a buffer overflow, which could allow an attacker to inject malicious code into the program or crash the program.

If we attempt to send more than 8 character, we can see that the program will crash.

We can also see that it overwritten the whoami command partially. Attempting to send 8 a then a ls will allow us to perform code execution.

However, if we attempt to ls the look-inside-this-folder it will show an error, as the total length of input is more than 24 characters.

To get the flag, we can just call /bin/sh and get a shell.