💻
0xTen
  • Intro
  • 🚩CTFs
  • Hackthebox👽
    • Boxes
      • Attended
    • Challenges
      • knote
    • Business Ctf
      • 2022
        • Midenios
  • UHC🔮
    • Quals
      • 8th Edition
        • Super Secret Password
        • Trampoline
        • I like to buy or smth
  • pwnable.kr🐱
    • Toddler's Bottle
      • fd
      • bof
      • random
      • uaf
  • Boitatech🐍
    • 2021
      • bankapp
  • DEFCON☠️
    • 2022
      • Quals
        • Smuggler's Cove
  • RealWorld CTF🐉
    • 2022
  • Dice CTF 🎲
    • 2022
      • babyrop
    • 2023
  • Insomnihack💀
    • 2022
  • ClearSale CTF🏆
    • 2021
      • Secret Notes
      • Esse Esse Erre Effe
      • Fresca Soda
      • Healthchecker
  • InCTF🏆
    • 2021
      • Ancient House
  • ASIS CTF🏆
    • 2020
      • Shared house
    • 2021
      • Mini Memo
  • N1CTF🏆
    • 2021
      • babyguess
  • HacktivityCon🏆
    • 2021
      • faucet
      • pawned
      • retcheck
      • shellcoded
      • the library
      • yabo
  • 🖥️Pwn
    • ROP↩️
      • x64 ret2libc
    • Heap⛰️
      • jemalloc
      • Fastbin dup - 2.31
      • Chunk Overlapping - 2.31
      • phoenix
        • heap-zero
          • i486
        • heap-one
          • i486
    • Format strings🩸
      • Blind
    • Kernel🌽
    • Browser🤖
  • 🕸️Web
    • SQLi💉
      • Blind (Boolean Based)
Powered by GitBook
On this page
  • Interacting with the program
  • Int Underflow
  • Exploit

Was this helpful?

  1. UHC🔮
  2. Quals
  3. 8th Edition

I like to buy or smth

PreviousTrampolineNextpwnable.kr🐱

Last updated 3 years ago

Was this helpful?

Interacting with the program

The remote program gives us a wallet, and the value changes if we sell something or when we buy something.

We can buy the flag but we don't have that much money :/

The only thing it allows us to to sell is nullbytes, but it won't buy it for mor than $0.

Int Underflow

What we could do where is appeal to a technique called integer Underflow. But first, let's understand what a int overflow is.

The maxium number that can be represented in a int is 2147483647 and if we add 1 to it, this will cause the signal to invert and we would get -2147483648 as the result.

The opposite thing happens when we subtract 1 from -2147483647, which results in 2147483648, that's an int underflow.

If we sell a nullbyte for -2147483647, when the program tries to subtract the value of the flag the integer would underflow and our wallet's new amount would be over 2 billion dollars, which is way more than enough to buy the flag.

Exploit

LogoInteger overflowWikipedia