flag_shop
Description
Thereās a flag shop selling stuff, can you buy a flag?Ā Source. Connect withĀ nc jupiter.challenges.picoctf.org 4906.
Hints
Hint(s)
- This has something to do with signed and unsigned ints in C
Step(s)
- Once connected to the server you get the options:
Welcome to the flag exchange We sell flags
-
Check Account Balance
-
Buy Flags
-
Exit
Enter a menu selection
2. This will let you know the following:
Balance = 1100
Defintely no the flag flag: cost 900
1337 Flag: cost 100,000
3. Time to look into the Code! We can see that the variable `total_cost` on line 38 is a signed int which means that any number passed not within the range of -2,147,483,648 to 2,147,483,647 will result in an overflow error. and since on line 39 it will get assigned by doing 300 * number_flags (a variable that you input) you can force `total_cost` to overflow so when your account balance is assigned on line 42 you will actually be gaining money. (Be careful to not provide to big of a number so you don't end up overflowing to a positive number)
4. I went with 2500000 as the amount of knockoff flags to buy which results in a large balance
```markdown
Welcome to the flag exchange
We sell flags
1. Check Account Balance
2. Buy Flags
3. Exit
Enter a menu selection
2
Currently for sale
1. Defintely not the flag Flag
2. 1337 Flag
1
These knockoff Flags cost 900 each, enter desired quantity
2500000
The final cost is: -2044967296
Your current balance after transaction: 2044968396
- Now go buy the 1337 flag you rich bastard.
Flag
Flag
picoCTF{m0n3y_bag5_9c5fac9b}