App - System

I completed this challenge by brute force.

But I do not want to use this way. I tried debugging (gdb) and the value of the buffer (0xbffffb7c) is "\ 221 \ 205 \ 004 \ bp \ 205 \ 004 \ b0 \ 204 \ 004 \ b". But I no understand what it is. Can anyone explain or point out I was wrong ?

You dumped the contents of the buffer before the call to fgets (or at least it looks like you did). You need to inspect the contents after the call, otherwise it’s just whatever happens to be sitting at the address.

I am not able to do this, however. The fopen call fails when I attempt to debug using gdb. Did you run into this issue ? I observe that fopen fails and, as a result, the FILE* is set to NULL. So then the code attempts to fgets with a NULL pointer, causing a failure.

I’m also seeing this. fopen() returns NULL and so fgets fails when I run it in GDB . No such issue when run from the terminal shell. Any clue as to why this happens.

When you start the program in gdb, the program is not executed with the same permissions as if you just execute the program directly. So the file opening fails because the program permissions are not correct.

Hi,
I’m getting crazy about this. I can print a string from the args I pass to the file (I printed the args, I printed the strings passed to the fope() function so I can choose what I’m printing). Can you give me a hint of where I could have the buffer address (Which I thought was on the Stack, correct me if I’m wrong, like 0x2c from esp) but apparently this isn’t the right place to search ?

Thanks in advance and sorry for the noob I am...

The value is on the stack. You can see it if you pass enough format string characters to argv[1]. However, after the find the value (4x8 bits), you will need convert from hex to plain but before re-order it due to little endianness.