# Self Introduction

| Difficulty | Points | Solves |
| ---------- | ------ | ------ |
| Easy       | 150    | 3      |

## Description

> Hello World, I've learned to code In C, \
> a language that's quite bold \
> \
> It's my hope that it will be \
> A secure foundation for me<br>
>
> With this new skill, I'll take flight \
> And build applications that are tight \
> \
> No more bugs or errors to dread \
> My future as a programmer ahead!\
> \
> Poem by ChatGPT

## Solve

Connecting to the services ask for your name, and replies with theirs

<figure><img src="/files/OUHWVHCdXmRPDncx3q2O" alt=""><figcaption></figcaption></figure>

Lets take a look at the source code.

<figure><img src="/files/uilF5VNzmsbfpwoZloXl" alt=""><figcaption></figcaption></figure>

This is a simple C program that does the following:

1. Declares a character array called "command" with a size of 16 and initializes it with the string `whoami`
2. Declares a character array called `input_buf` with a size of 8
3. Prints a message asking for the user's name
4. Reads up to 24 characters from the standard input (stdin) and stores it in the `input_buf` array
5. Prints a message saying `Nice to meet you! My name is`
6. Calls the `system()` function, which executes the command stored in the `command` array (i.e., `whoami`) and displays the output.

The `whoami` command is used to display the current user's username. When this program is run, it will ask for the user's name, read the input, and then display the current user's username.

The call to the **`read()`** function is using a fixed size buffer of 8 characters to read user input. However, the program is allowing the user to enter up to 24 characters.

If a user enters more than 8 characters, it could result in a buffer overflow, which could allow an attacker to inject malicious code into the program or crash the program.

If we attempt to send more than 8 character, we can see that the program will crash.

<figure><img src="/files/PS6sglfJYK3tvYWW5wRd" alt=""><figcaption></figcaption></figure>

We can also see that it overwritten the `whoami` command partially. Attempting to send 8 `a` then a `ls` will allow us to perform code execution.

<figure><img src="/files/Lj57yyToLTlpV6hj97kX" alt=""><figcaption></figcaption></figure>

However, if we attempt to ls the `look-inside-this-folder` it will show an error, as the total length of input is more than 24 characters.

<figure><img src="/files/eDfIR7yAuG06XrQvKgMN" alt=""><figcaption></figcaption></figure>

To get the flag, we can just call `/bin/sh` and get a shell.

<figure><img src="/files/eVoYm8lEM0VvfIg1FKg9" alt=""><figcaption></figcaption></figure>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://kabinet.gitbook.io/ctf-writeup/authored/nyp-infosec-december-ctf-2022/self-introduction.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.