Category: exploit | Points: 60 | Name: EquationSolver | Solves: 257 | Description:
I created a program for an unsolvable equation system. My friend somehow forced it to solve the equations. Can you tell me how he did it?
Service: 188.166.133.53:12049
We were given a service, which we connect to using Python sockets.
import socket

# Connect to the challenge service and print its greeting
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(('188.166.133.53', 12049))
data = s.recv(1024)
print(data.decode())
And we get the first part:
Solve the following equations:
X > 1337
X * 7 + 4 = 1337
Submitting really large integers (99999999999999999999999) gave us:
2147483648 is bigger than 1337
2147483645 is not equal to 1337
So it seemed like the integers overflowed. Submitting the negative of the large integer, we get a similar response:
-2147483648 is bigger than 1337
-2147483645 is not equal to 1337
The first line gave away that they are storing the numbers as unsigned integers. So we tried to overflow it with inputs in the range -2147483648 to 2147483648, looking for where (7 * our input) wraps around into the positives:
# -613566566 = 1338
# -1227133323 = 1335
# -1840700079 = 1339
It seemed that the overflow range we were looking for is in the positives, and 613566947 gave us the flag :)
613566947 is bigger than 1337
1337 is equal to 1337
Well done!
IW{Y4Y_0verfl0w}
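
The trial-and-error search above can be replaced by a direct computation with a modular inverse. The following is an added example, not part of the original writeup or the challenge's code: it assumes the service evaluates X * 7 + 4 in 32-bit words that wrap modulo 2**32 (consistent with the responses shown above), and wrap32, solve_wrapped and checked_eval are names chosen here. checked_eval is the overflow check under which the equation system stays unsolvable.

```python
# Added example: offline model of the arithmetic; it connects to nothing.
# Assumption: the service computes X * 7 + 4 in 32-bit words that wrap modulo 2**32.
MOD = 2 ** 32


def wrap32(value):
    """Reduce an integer the way unsigned 32-bit arithmetic does."""
    return value % MOD


def solve_wrapped(a, b, target):
    """Return the X in [0, 2**32) with wrap32(a * X + b) == target.

    a must be odd, otherwise it has no inverse modulo 2**32.
    """
    if a % 2 == 0:
        raise ValueError("a shares a factor with 2**32; no unique solution")
    inverse = pow(a, -1, MOD)  # modular inverse, Python 3.8+
    return (target - b) * inverse % MOD


def checked_eval(a, x, b):
    """Mitigation sketch: compute a * x + b, rejecting results outside 32 bits."""
    result = a * x + b  # Python ints do not wrap, so this value is exact
    if not 0 <= result < MOD:
        raise OverflowError(f"{a} * {x} + {b} does not fit in 32 bits")
    return result


if __name__ == "__main__":
    x = solve_wrapped(7, 4, 1337)
    print(x, x > 1337, wrap32(7 * x + 4))
    # The probes from the writeup land next to 1337 under the same model
    for probe in (-613566566, -1227133323, -1840700079):
        print(probe, wrap32(7 * probe + 4))
    try:
        checked_eval(7, x, 4)
    except OverflowError as exc:
        print("rejected:", exc)
```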