TryHackMe || Advent of Cyber 2023 Day 6: Memories of Christmas Past || WalkThrough

TheCyberWarrior
Dec 7, 2023

The topic for the day is the memory corruption (buffer overflow) vulnerability.

We click the green Start Machine button to get the IP. Within a minute, https://LAB_WEB_URL.p.thmlabs.com becomes a working website address, with the allocated IP replacing ‘LAB_WEB_URL’ in the URL.

Clicking the link takes us to a game that is meant to teach the buffer overflow vulnerability. The final task is to get a star and then talk to the Christmas tree, which in return will give us the flag.

First, move to the computer and collect coins by pressing the spacebar. A maximum of 16 coins can be collected. Next, move to ‘Van Holly’, who will rename you based on the number of coins you have. Then move to ‘shopk_name’, where you can purchase the star.

Finally, we have to experiment with the inputs to get the intended output. If your name goes over 12 letters, the extra characters are written past the name field, and your coin count will increase drastically because of the buffer overflow.

Q/A

If the coins variable had the in-memory value in the image below, how many coins would you have in the game?

Hint: The value is stored in memory with the least significant byte first, so we have to reverse the order of the hexadecimal values and then convert the result into a decimal value.

Answer: 1397772111
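The name overflow and the reverse-then-convert hint can be seen together in a small model. This is an added example, not code from the game or from the original post; the 16-byte layout with the coins stored directly after a 12-byte name, the function names, and the sample name are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN  12              /* page: names over 12 letters overflow */
#define COINS_OFF NAME_LEN        /* assumption: coins sit right after name */
#define MEM_LEN   (COINS_OFF + 4)

/* Read 4 bytes in memory order (little-endian): reverse, then convert. */
uint32_t le32(const unsigned char *b) {
    return (uint32_t)b[0] | (uint32_t)b[1] << 8 |
           (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24;
}

/* Vulnerable rename: the copy length comes from the input, not the field. */
uint32_t rename_unchecked(unsigned char mem[MEM_LEN], const char *in) {
    size_t n = strlen(in);
    if (n > MEM_LEN) n = MEM_LEN; /* clamp so the demo stays inside mem */
    memcpy(mem, in, n);           /* bytes 12..15 land on the coin count */
    return le32(mem + COINS_OFF);
}

/* Hardened rename: never writes past the 12-byte name field. */
uint32_t rename_checked(unsigned char mem[MEM_LEN], const char *in) {
    size_t n = strlen(in);
    if (n > NAME_LEN) n = NAME_LEN;
    memset(mem, 0, NAME_LEN);
    memcpy(mem, in, n);
    return le32(mem + COINS_OFF);
}

int main(void) {
    unsigned char a[MEM_LEN] = {0}, b[MEM_LEN] = {0};
    a[COINS_OFF] = b[COINS_OFF] = 16;          /* 16 coins, the game maximum */
    /* Constructed 16-letter name: the last four letters are the bytes
       4f 4f 50 53, which read back as the answer given above. */
    const char *name = "AAAAAAAAAAAAOOPS";
    printf("unchecked: %u coins\n", (unsigned)rename_unchecked(a, name));
    printf("checked:   %u coins\n", (unsigned)rename_checked(b, name));
    return 0;
}
```

The unchecked copy turns 16 coins into 1397772111 (0x53504f4f), while the bounded copy truncates the name and leaves the coin count at 16.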

What is the value of the final flag?

Hint: You can’t buy the star from ‘shopk_name.’ You have to exploit the Buffer Overflow vulnerability again. If the first letter in the ‘shopk_name’ field of the debugging panel is ‘d’, then we will have the star in our bucket and then we can talk to the tree to get the flag.

Answer: THM{mchoneybell_is_the_real_star}

If you find this blog helpful, follow me on LinkedIn: https://www.linkedin.com/in/-prashantkumar07/

Happy Learning
