sudo apt update
sudo apt install build-essential
sudo nano /usr/local/bin/SC206.c
Paste in this code,
as shown below.
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <stdlib.h>
int main(int argc, char* argv[]) {
char name[300];
uint8_t len;
if (argc < 2) {
printf("NO NAME!\n");
exit(1);
}
strcpy(name, argv[1]);
len = strlen(name);
if (len > 10) {
printf("TOO LONG!\n");
exit(1);
}
printf("%s\n", name);
}
Save the file with Ctrl+X, Y, Enter.
To compile the function,
execute this command:
sudo gcc -o /usr/local/bin/SC206 /usr/local/bin/SC206.c
To see it work, execute these commands:
SC206
SC206 ShortName
SC206 ALongerName
As shown below, it always returns
a string of ten characters or less,
which is either the input name or an
error message.
sudo nano /var/www/html/SC206.htm
Paste in this code,
as shown below.
<html>
<body>
<form action="SC206.php">
Name: <input name="name"><p>
<input type="submit">
</form>
</body>
</html>
Save the file with Ctrl+X, Y, Enter.
On your cloud Linux server, execute this command:
sudo nano /var/www/html/SC206.php
Paste in this code,
as shown below.
<?php
$noname = 0;
if (!isset($_REQUEST['name'])) {
$noname = 1;
} else {
$name = $_REQUEST['name'];
if (strlen($name) < 1) {
$noname = 1;
}
}
if ($noname == 1) {
die("<h2>Error: Must specify name!!</h2>");
}
echo "You entered: $name<p>";
echo "Sanitized name is: <pre>";
system("/usr/local/bin/SC206 $name");
?>
Save the file with Ctrl+X, Y, Enter.
http://35.222.29.122/SC206.htmEnter a name of ShortName into the form, as shown below, and click the Submit button. The next page shows the name unchanged, as shown below. Enter a name of ALongerName into the form. Verify that it's rejected, as shown below.
https://samlols.samsclass.info/SC/SC206.htmEnter the URL to your PHP page in the form for flag SC 206.1, as shown below, and click the Submit button.
Flag SC 206.1: Expected Functionality (5 pts)
The flag appears, as shown below.
AAAAAAAAAABBBBBBBBBBCCCCCCCCCCDDDDDDDDDDEEEEEEEEEE
into the form. This name is 50 characters long.Verify that it's rejected, as shown below.
Paste that name five times into a your form. Carefully scroll through it and make sure there are no embedded spaces, so it's a single string 250 characters long.Submit it.
It's rejected, as shown below.
Enter the same 250-character name into the form, and append HELLOTHERE, so the input name is 260 characters long, and submit it.
It's accepted, as shown below.
This happens because the length variable exceeds its maximum value of 255 and rolls around to zero, so a length of 260 is measured as a length of 4.When it's working, run the test in the box below to get the flag.
Flag SC 206.2: No More Integer Overflow (10 pts)
In a Web browser, open this page:
https://samlols.samsclass.info/SC/SC206.htmEnter the URL to your PHP page in the form for flag SC 206.2 and submit the form. If your code is correct, the flag will appear.
Posted 3-29-24