If the return address gets overwritten by accident, you could even spawn a shell... but this program is totally safe, right?
Beginner Hint (AI-translated)
- This challenge is in the Pwn category, specifically Pwnable (Binary Exploitation).
- Its difficulty is Hard. It is harder than the previous Easy and Medium challenges, so especially if Daily AlpacaHack is your first exposure to CTF, solving it entirely on your own will likely be difficult.
- If you get stuck, we recommend making good use of AI as needed to find a starting point for the solution.
- Pwn can seem difficult for beginners, but it is an exciting category where you can enjoy low-level computer behavior, so please give it a try.
- Even if you cannot solve it, check other players' solutions, called writeups, after the challenge ends and review them.
- 24 hours after the challenge is released, a writeup tab will be added to the list of tabs below.
- In this challenge's attachment, you are given the C source code
main.cand the compiled binarychal. - This program accepts
posandvalinputs from the player. - The goal is to execute the
winfunction in the remote environment and spawn a shell. - If you send appropriate
posandvalvalues, you can call thewinfunction, so find such values. - Connect to the remote environment with the
nccommand. - Once you get a shell, read
flag.txtand obtain the flag.