我有一些ctf问题,但这确实是我的问题。 是否可以远程编辑代码行? 在源代码(下面提供)中,该代码将调用system(),但在第12行上,布尔将禁用该调用。另外,在void newsletter()中,它会启动segfault,但我不太了解它的作用或如何规避/更改它。 谢谢!
我试图只输入将要经历的命令,例如输入2,然后| |。为了添加命令,但没有一个显示输出。我真的被困住了,不知道从这里去哪里。
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdbool.h>
#include <unistd.h>
void check_date();
void newsletter();
bool date_enabled = false;
int main() {
gid_t gid = getegid();
setresgid(gid, gid, gid);
setbuf(stdout, NULL);
printf("Welcome to the new portal!\n");
char action = 0;
char line[128];
while (action != 'x') {
printf("What would you like to do?\n");
printf("1.) Sign up for our newsletter!\n");
printf("2.) Check the date.\n");
printf("x.) Exit.\n");
fgets(line, sizeof line, stdin);
action = line[0];
if (action == '1') {
newsletter();
} else if (action == '2') {
check_date();
} else if (action != 'x') {
printf("Sorry, I didn't recognize that.\n");
}
printf("\n");
}
}
void check_date() {
printf("Here's the current date:\n");
if (date_enabled) {
system("/bin/date");
} else {
printf("Sorry, date has been disabled.\n");
}
}
void newsletter() {
printf("Thanks for signing up for our newsletter!\n");
printf("Please enter your email address below:\n");
char email[256];
fgets(email, sizeof email, stdin);
printf("I have your email as:\n");
printf(email);
printf("Is this correct? [Y/n] ");
char confirm[128];
fgets(confirm, sizeof confirm, stdin);
if (confirm[0] == 'Y' || confirm[0] == 'y' || confirm[0] == '\n') {
printf("Great! I have your information down as:\n");
printf("Name: Evan Shi\n");
printf("Email: ");
printf(email);
} else {
printf("Oops! Please enter it again for us.\n");
}
int segfault = *(int*)0;
}
因为编写了多个命令,例如2 | ls不起作用,我不知道还能做什么。对于此ctf,我需要在代码中找到一个看起来像tjctf {actualflaggoeshere}的标志,或者能够以某种方式获取它。