goodluck

Challenge author
JP Smith (SIGPwny)
Write-up author
Vanilla (Batman's Kitchen)
Points
200
Category
pwn

you gotta guess well

goodluck

We reverse the binary and find that it reads the flag, reads our input, compares them, and tells us if we're right. But wait: if we're wrong, it tells us what our flag was, and it uses printf for that, with our input as a format string. Furthermore, the flag is read into a buffer on the stack. Hence, we can leak the flag by making it print it out. Two details: this is 64-bit, so we need to use the ll modifier to print out 64-bit integers; and $ lets us skip to later arguments quickly. In any case, we end up with a hexdump of the flag.