Challenge Information
- Advent of Cyber Day 6
- THM link here
Explanation
Today’s challenge is mainly interacting with a program that they created. The program teach more about memory corruption and overflow. To solve the challenge, we will first need to get more than 12 coins we can change our name for 1 coin per character.
Based on the memory, our player name have 12 block, which 1 character represent 1 block. If we create a name that has more than 12 character, it will overflow and add the 13th character into coins block. We can do this to get more coins.
Based on the result, we manage to add more gold by overflowing. Since the gold is to get a star, lets see if we can buy it with the money we have or not.
The shop sold the star for 10000 and luckily we have more than that. After trying to buy, the item somehow change to another item as it does not want us to buy it.
If we look closely to the memory block, the item that we bought is e while the first item is 1 which is exactly the same id in the shop. We could just overflow until inv_items memory block and get our star.
We manage to get our star by overflowing it. With that, we can give the star to the christmas tree.
After giving the star to the tree, we will get the flag.
Things I learned from the challenge
- overflowing