-
Notifications
You must be signed in to change notification settings - Fork 477
/
Copy pathnanana.c
78 lines (63 loc) · 1.49 KB
/
nanana.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
void CGI_INIT();
char* CGI_GET(char *);
void do_job(char *, char *, char *);
void CGI_GET_PASS(char *);
char secret_pass[25] = {0};
int get_input(char *username, char *password, char *job, char *action){
char *data = NULL;
// get username
data = CGI_GET("username");
if ( data == NULL ){
goto FAILED;
}
sprintf(username, data);
// get password
data = CGI_GET("password");
if ( data == NULL ){
goto FAILED;
}
sprintf(password, data);
// get job
data = CGI_GET("job");
if ( data == NULL ){
goto FAILED;
}
sprintf(job, data);
// get action
data = CGI_GET("action");
if ( data == NULL ){
goto FAILED;
}
sprintf(action, data);
FAILED:
return 1;
}
int main(){
char job[16] = {0};
char password[32] = {0};
char username[32] = {0};
char action[48] = {0};
int flag=0, i=0;
CGI_INIT();
CGI_GET_PASS(secret_pass);
get_input(username, password, job, action);
char *needle = secret_pass;
flag = 0, i = strlen(needle);
do {
if (!i)
break;
flag = (char)password[i] == needle[i];
i--;
} while(flag);
if ( !flag ){
puts("Auth Failed");
return -1;
} else {
do_job(username, action, job);
system("cat fake-flag");
}
return 0;
}