CBM CTF 2019 Pwn pwn1

pwn1

reverse the binary and exploit server at: nc 35.231.63.121 1337

$ file pwn1.elf
pwn1.elf: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=1caccb1acec8f9c4349bbb692ab6c507a4f49e56, not stripped
int __cdecl main(int argc, const char **argv, const char **envp)
{
  int v4; // [rsp+Ch] [rbp-4h]

  puts("enter a number");
  __isoc99_scanf("%d", &v4);
  if ( (unsigned int)get_number() == v4 )
  {
    puts("great number ,I like it.\ntake your price");
    get_flag();
  }
  else
  {
    puts("sorry! I don't like this number\nTry again");
  }
  return 0;
}

get_number functionと比較してget_flag()を呼び出している。

if ( (unsigned int)get_number() == v4 )

get_number()では1139440753を返している。

signed __int64 get_number()
{
  return 1139440753LL;
}
~ ? python -c "print('1139440753')" | nc 35.231.63.121 1337
enter a number
great number ,I like it.
take your price
cbmctf{e@sy_r3v3rs3!!}

FLAG : cbmctf{e@sy_r3v3rs3!!}