From 0dac165fa00889e1ec238a478c7c352a4a7f6853 Mon Sep 17 00:00:00 2001 From: Maxime Vorwerk Date: Sat, 15 Jun 2024 15:12:27 +0200 Subject: [PATCH] Heap 3 --- heap_3/chall | Bin 0 -> 20856 bytes heap_3/chall.c | 116 +++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 116 insertions(+) create mode 100755 heap_3/chall create mode 100755 heap_3/chall.c diff --git a/heap_3/chall b/heap_3/chall new file mode 100755 index 0000000000000000000000000000000000000000..37f466d5c510bdc2080c8a4eaae018f3fb5032a5 GIT binary patch literal 20856 zcmeHPdvqJsnZKjaNV06pa-4?~=P^#42ZhLSNF3uhiJbT$(cRABO}CW2%CI6RYcj7cmrBusv}<`<-e15S&T zn0YOp{4^p3&&2*o+{KlQNi6NM{psY4ru#XPc#Fti;(R}lS{G)mm{LtMzk2;;St&lUVlm3HVW6{?aB7^Cr>XM91O0Vnvi#u&h2F>uX$A z9}h2%#}b*L#Y0VviyN2u(n;S^?m&4_A2e(_H*RINee5{Nq(9M<0aRAfuX(Vw{i!z} z|Kx%jwfXPde$f?2=RHy{V~`KoP$PReB#0-v96&bN{a3tP1`)ex*5_sto~T_0#iR=; zJrl^6O(5Skft>QXP<(v?`2omDSJ>#^_Cj%1Pat17fxLYJ`IZUfiy^OM)7g;U4=VS6 z!J<1NW||EIJH6P0a;jU4~eVlfOKJG)NE9{c>A7)B~H1)rG_E1`&c!BacG z#?LX0wfu4TUY=Z>V!55H8~q>9IF+qh)RSy!jL4?v$!V<1wkS_d{}-|?$&-syG*>m{ z$+Q0#(D?J@@*GDFfjl{OINQ4OQ= z?&UGG`9CL~rg-O0bN+|K+lW8T`DclzsouH6oPUydn&O>1#QCGd)70+VLC!x)JWc7& z?c@B{iKl7gxk1j~PdrWS&TZ%Xmx!k+-MMb?v_B2M?HYOh+Q7&wf#EafySKDA9B=r3 z;MA#oRY-rz`?#@wJL;>L^J%y+M)oIi?7<^6p$)8}tyy)1ET|+Uqa+x6IePF!G-pip zc!JySe}kiu^MUWZu_o}n_tb!LGVuIIW@R>lQ$#5Ar~db?dWY`zGgVsyBd?yl0ef*$ z`z0jGH7EY0KeGSzXLC7h#=-Lk4y-x``@rz2*-td-es=cGkH*H3_RP_#wcvWe!DIv` zXYVF@_$mKYCq`YQYXLvH3O-MCkmGHn9{FWpf;V8%3+Ff0`#f2IzA^4+-BC5jsDm&dX|hr zd+N&09^~OqjQ-S8e8Tchk@wA@M}Gx*VB|$4eJWf=Ozt*1CE3JLvb$P_H zeDM-ka(`YI?mwcv0BK%bWTi(epRbe8<3wZcU2^ZAgJAeQrQ+rQ{zcc{wx`auo{ID9 zj?o7w`&E{2f_(RbmNA!G@+(OmBRLgw{m4hytsB7di0|T%9cZg_4Ic-u?fT|e-P0~u zSp_=tzTEkrgF=C75UQX+r=`s~6JuT;)T7*f)qh-!uHOJH52{GvU8L}PGU12xaiT`D zhxA6v_g?aS6m;GpJpuOIEc6pNu>20_1H&h0kA8@J5wDYU?_e07rTU-yJt!RZ7)2=~ z)oTzm9Ona~_1aeB1cv^nA*cUEe(ubkEm4tTD^{Rbfno)U6)0AqSb<^%iWMkU;Qw(2 zX#I%VrpbPeKP&Km3+$O<$*TpvNZ>)-oUv#;xWi`-nJmTJ4L-e_mbUajBsl0^>eE|k zX|;|ZuIHxSS)k9 z+Y@FarSDE=QhKOA84E?4bw>AvY;)`eM2?E!I$x#>nz3X82J^$LEocULT2z z#?;ehEFRZm2|bgJxD&};`aonLncA&q5@sqGx;_$ihm(}Do*sz6(Cm-EZO0msKx;Uh zilo!XfTwX~FrJBkVHYpXZ~5HCtShlI7>|WT37Ar&uI$CpqV=ly8)IX41J8VOY>d|Q z)&t)PTy}nJ>?z>8fzJXT1Ez(z4}hzI zu}kabl2`}C0e6C=2cdcxHZ{U#o5#g-d#1(_=xv@Q!}iR-jmcVg-s7C|00Yfno)U6)0BV zZ>9o=EB!pzeFD?8m)dr|#eIdq^1119!MBL}!s&vS&pGpXJ7lzAOKpaQSoLZ@r)bVj zP3o}L+A9vkhFW`H9Uw1N)57%V+k!#I=l-3S2Gl6oDmDCE@pT%DVf-bB{tU z?|*2)nc6f9v0jItQ&R2~yv#cw?BuhBvVW``@%=e1^2Y)c=Ve`SYr*+Pg~_!fch6!<}bzb)`dfeYhzu3OivFWTCNo92w((BNC(ru%1RE^Mv5~;c!6yr6TP6ug* zlTLq1kAmaOkFJZ&D4}00l%5Y^$wh89qm+KEPFoOWo&CnErp-dM9fv?^C-EheqydIud(waHA<4zQbv<2NpoE} zPj(95PUYKad|S=8)A@Er#g}1PllMR4M^2T>{P|UyIzKhdJFRAZWz8f1+CI}%9E?0k$Fz3LLx0tPMr$E%6%Fg?`q+% z<@~3w;Qljm2{$068cKz{6it@gvoDdSA-ylKE;lCFm5~B-c zDt6F$nE-U;M9m z!S75-ecZY9rYFAowPO#Ed(WJEzdg5Q?Ye`R4_~Z2^x`#k3=!M$Nkbk_cqPx zcvy2B)ij4%?$gTd1z~E6<0?&42cw$zeuvtBhLqD=-qOm3N$dEe#?%s5ucoG=c@UzNK)C#+Yi z!45lG)UWT2YUK{~JUgl}hk9@?<)AKfO_F;B>&0Yz2F6;YqhBj=T&_N}m*;(wnYmol z#65YtrfI|4j933;pB(DiGui@&`U(;#cRZ}#v-hY&{T1e4>KDQDrQEE0#^E2O6k~_ ziRKK6k&1M1XI_XttToHm4{aQ3Lu)lbB$%w|{kwg-hc3>$plJT&S zj7HND6T1z<01jnRMkpE23?x`4k&f+1VD%&2pG-lu(+u{-Bho|Y5E{GBEs!lUu=sO5 z@0$n;NcN4(h(f_a$#5jJ)1r69!Vx2k1sf!UMHZ}%;BBikbduxojKN@dc`lWBGO>fD zu?R!~2M~=JnFJPO!q^?e@90|JE?(h^CFEOI#y}*Iv0lJ3`msvI_yISp^(h|AlJIx9 zU`(qzEJRCG29~GrE*Lh^FeJ1P#m?aDK&QBaem|Wk*sTJ~Gshpr8RTt&7fiD3ng#9_ zI41C*z@HKLu)seMxD=1CQqu)qB5+1vdc2id;Yyxdxw}{Be57g60$cdTXMe?N$Ek;+4Bt($`P#;blT5Ki=SYhg=#CN1`BZKtbpr(euP~rI`&_ z0%!vC0NYw##Mzm3>$v zJgnWKDc$yW93MEqGW#pq>l*ibUHb?I@Vv$Gr~{sK^GLnZbq`k+W`AG3%WnU71Y)!X zC)dmtLRAlF2GE^I7vOQ|KLz+WXnN-lkB+h+U^y=|&fi3n|%4wWYPKAvQ)P>|TQK$>OcY7n`I{sDr z3*y&9exW#i$i1+q=kN1d2N;Sk&&o7DsC7~tTLqK9S6NcVHcSwIJC}QyJge^)4%ba! zzXx*4r!fDK3GDBNT$f4Y;cq}*iMyS_g8e!|a$1eo{oI;PE7b0>QGGm2UPbu2IOL~b zPjY#+!EFj}Kjd=31oEpzd|h7sgcH4~a-ngx8*-|DVV*aO zIP&V-DdHRya(UGr6!Nc-+=d^WynZ1OD3mfAe3*k7!M>Pb26r$B(q;y)mxNdtlb{`# z0!31WIbeh^*TH4fFv3Y=M?BdVj2mGynMxbM%n%DD2L|I2GZOYKxv&K$dx@A4Or?Um zF@-cSqlu=11DJ4S1_pM+C66;`sx;12UTqDdV^iyfcB6e`8>YcV+qR9Z8@krP8=oyO z+5a$wB{BFHYpOuh3 zy;?s`U_``>5jl%@>c{DG(>DGh|2Q2giP@(0LOo3&@FIVKe%uT9Fi$6q{$L^;w`TD) z_edBt*%XsWKCiSs6)-N4^%;P1B5N8Sj^mcWdOV8KFk>NOFoxhpUpg)F;KCV zu4j=gH4)BYu>Cs#ttCl+xqkGh@R!F=<}d9ez7hVkHYItvK6P67`=O^+n7<`u>^2Zo zQ|T|)!@Q!yfH0K(7w-Q*3jejjPOh)@3WxJ~{&X8v=zkw%R1+CLdws>!h?<<|Se%us zqzTjgQog?~uFtygKb&t2T8OjwYX$!Dds(N2VZ30#Nq-skkph1?A8io}mgUk=;DT`M zTf$$~U(N@aZaL6BT7HxDld|uEAQR~?=lSxxOjk=ofeZWpeu2MtuAf_a=W@i_{+IrL z1T)MU`TqcU$on4oouI_ zIxX_2@lQ?q$>aDoWMm@!<#%(=(~Ufuw6nOJzl`$-DDwTY_ftzOkACSWu=JDI2IqW# zdB4#w{3q&PhIPT2V#)mFJa(WqQ*{>9ri~fbV6f^0+DJ!uE%9WbLQ-!}J&266* z0guVVgi88J%efQy-?GfIc)q})fMrW2@b94u6WT8Mk72Rdyamfzgn!}w{~P_XgchH` zU*rqf*-tk?lt^QvYC#?Bk>HbcRUwQp4fvjMNamS%` Z9I>w!1TXBrasvOF4$J?}0*3;Y{SPHxm?{7O literal 0 HcmV?d00001 diff --git a/heap_3/chall.c b/heap_3/chall.c new file mode 100755 index 0000000..4c7a811 --- /dev/null +++ b/heap_3/chall.c @@ -0,0 +1,116 @@ +#include +#include +#include + +#define FLAGSIZE_MAX 64 + +// Create struct +typedef struct { + char a[10]; + char b[10]; + char c[10]; + char flag[5]; +} object; + +int num_allocs; +object *x; + +void check_win() { + if(!strcmp(x->flag, "pico")) { + printf("YOU WIN!!11!!\n"); + + // Print flag + char buf[FLAGSIZE_MAX]; + FILE *fd = fopen("flag.txt", "r"); + fgets(buf, FLAGSIZE_MAX, fd); + printf("%s\n", buf); + fflush(stdout); + + exit(0); + + } else { + printf("No flage for u :(\n"); + fflush(stdout); + } + // Call function in struct +} + +void print_menu() { + printf("\n1. Print Heap\n2. Allocate object\n3. Print x->flag\n4. Check for win\n5. Free x\n6. " + "Exit\n\nEnter your choice: "); + fflush(stdout); +} + +// Create a struct +void init() { + + printf("\nfreed but still in use\nnow memory untracked\ndo you smell the bug?\n"); + fflush(stdout); + + x = malloc(sizeof(object)); + strncpy(x->flag, "bico", 5); +} + +void alloc_object() { + printf("Size of object allocation: "); + fflush(stdout); + int size = 0; + scanf("%d", &size); + char* alloc = malloc(size); + printf("Data for flag: "); + fflush(stdout); + scanf("%s", alloc); +} + +void free_memory() { + free(x); +} + +void print_heap() { + printf("[*] Address -> Value \n"); + printf("+-------------+-----------+\n"); + printf("[*] %p -> %s\n", x->flag, x->flag); + printf("+-------------+-----------+\n"); + fflush(stdout); +} + +int main(void) { + + // Setup + init(); + + int choice; + + while (1) { + print_menu(); + if (scanf("%d", &choice) != 1) exit(0); + + switch (choice) { + case 1: + // print heap + print_heap(); + break; + case 2: + alloc_object(); + break; + case 3: + // print x + printf("\n\nx = %s\n\n", x->flag); + fflush(stdout); + break; + case 4: + // Check for win condition + check_win(); + break; + case 5: + free_memory(); + break; + case 6: + // exit + return 0; + default: + printf("Invalid choice\n"); + fflush(stdout); + } + } +}