pwnable: [fd]

Source Code:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
char buf[32];
int main(int argc, char* argv[], char* envp[]){
    if(argc<2){
        printf("pass argv[1] a number\n");
        return 0;
    }
    int fd = atoi( argv[1] ) - 0x1234;
    int len = 0;
    len = read(fd, buf, 32);
    if(!strcmp("LETMEWIN\n", buf)){
        printf("good job :)\n");
        setregid(getegid(), getegid());
        system("/bin/cat flag");
        exit(0);
    }
    printf("learn about Linux file IO\n");
    return 0;

}

Here , I have nothing to review for future too lmao :)

InShort:

• Program uses atoi(argv[1]) - 0x1234 to get a file descriptor.

• Reads from the file descriptor into a buffer and compares with "LETMEWIN\n".

Solution:

• 0x1234 in decimal = 4660.

• File descriptor 0 = stdin.

• So pass 4660 to ./fd → 4660 - 0x1234 = 0

Flag: