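So there is a text file, for example file.txt. In the same directory there are 2 other files that contain code. One of those files has code that will force open your file if you satisfy its if/else condition. My question is how I can change the value in the if/else condition so that the file is forced open.

```
userd5c84@shell:/problems/aplit$ ls
aplit  aplit.c  flag.txt  Makefile
```

The code below is in aplit.c, and I am trying to get into flag.txt: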
```c
#define _GNU_SOURCE   /* needed for the setresuid() declaration */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>   /* strcpy */
#include <unistd.h>   /* geteuid, setresuid */
#include <fcntl.h>

int main(int argc, char **argv) {
    int score = 0;

    printf("CollageBored (R) Advanced Placement Literature Grader\n");

    if (argc != 2) {
        printf("Usage: %s [essay]\n", argv[0]);
        return 1;
    }

    char buf[700];
    /* No length check: argv[1] is copied into the 700-byte buffer as-is. */
    strcpy(buf, argv[1]);

    printf("-------------- YOUR SUBMISSION --------------\n");
    printf("%s\n", buf);
    printf("---------------------------------------------\n");
    printf("According to our analysis, your response received a grade of %d!\n", score);

    if (score > 12) {
        /* Switch to the binary's effective UID before reading the flag. */
        uid_t uid = geteuid();
        setresuid(uid, uid, uid);
        FILE *fp;
        fp = fopen("flag.txt", "r");
        char flag[64];
        fgets(flag, 64, (FILE*) fp);
        printf("Wow, you're an HONOR student! Here's a flag: %s\n", flag);
    } else {
        printf("Sorry, you can only view the FLAG if you received a score greater than 12.\n");
        printf("\n");
        printf("If you didn't do as well as you wanted, be sure to take a look at our rubric\n");
        printf("to see how we grade your essay!\n");
        printf("********* RUBRIC ************ \n");
        printf("* 0 - your essay sucks * \n");
        printf("* 1 - impossible to achieve * \n");
        printf("* 2 - impossible to achieve * \n");
        printf("* 3 - impossible to achieve * \n");
        printf("* 4 - impossible to achieve * \n");
        printf("* 5 - impossible to achieve * \n");
        printf("* 6 - impossible to achieve * \n");
        printf("* 7 - impossible to achieve * \n");
        printf("* 8 - impossible to achieve * \n");
        printf("* 9 - impossible to achieve * \n");
        printf("***************************** \n");
    }
    return 0;
}
```
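Answer 0: (score: 0)
It looks like you have to do a "stack exploit" to overwrite score so that it becomes 12 or more. That means entering a string of at least 704 characters as argv[1] on the command line, so that strcpy will overwrite score.
This assumes an architecture/compiler that uses a stack and places the variables on the "stack" in order, which means the last variable comes first in memory: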
buf: 00 00 00... 00; score: 00 00 00 00
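For comparison, a bounded version of the copy that rejects an over-long essay so the neighbouring variable cannot be reached. This is an added example, not part of the question or the answer; `struct frame`, `copy_essay`, `grade` and `make_essay` are hypothetical names, and the struct only models the adjacency the answer assumes.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Model of the layout the answer assumes (score right after buf); a real
 * compiler may order stack variables differently. */
struct frame { char buf[700]; int score; };

/* Bounded replacement for strcpy(buf, argv[1]): reject input that does not
 * fit, terminator included, instead of writing past the buffer. */
int copy_essay(char *dst, size_t dstsz, const char *src)
{
    const char *end = memchr(src, '\0', dstsz);  /* scan at most dstsz bytes */
    if (end == NULL)
        return -1;                               /* too long: nothing written */
    memcpy(dst, src, (size_t)(end - src) + 1);
    return 0;
}

/* Returns the score, or -1 when the essay is rejected as too long. */
int grade(const char *essay)
{
    struct frame f = { .score = 0 };
    if (copy_essay(f.buf, sizeof f.buf, essay) != 0)
        return -1;
    return f.score;  /* unchanged: the copy cannot reach buf's neighbour */
}

/* Constructed sample input: len copies of 'A'. Caller frees. */
char *make_essay(size_t len)
{
    char *s = malloc(len + 1);
    if (s == NULL)
        return NULL;
    memset(s, 'A', len);
    s[len] = '\0';
    return s;
}

int main(void)
{
    size_t lens[] = { 10, 699, 700, 704 };
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        char *e = make_essay(lens[i]);
        if (e == NULL) return 1;
        printf("len %zu -> %d\n", lens[i], grade(e));
        free(e);
    }
    return 0;
}
```

Building the original with `-fstack-protector-strong` and `-D_FORTIFY_SOURCE=2` adds a second layer, but the length check is the actual fix.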