
Running the program:

Let's fire up gdb
`gdb ./sleighbell-lotto`
`disas main`

Looks like it picks a random number and compares it to the winning number. If they're the same, it jumps to the 'winnerwinner' function; if not, it jumps to the 'sorry' function.
Let's set a breakpoint on the compare instruction and do some digging.

`r`
Once the program has stopped on the breakpoint, we're going to peek at the registers.
`info registers`

So we can see where `rip` is pointing. We can follow that through the code and see that it will end up at the 'sorry' function. Let's change that to point to the win function and see what happens.
`set variable $rip = 0x0000555555555590`
`c`

So by modifying the instruction pointer, we can jump directly to the win function!
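As an added practice target (not the challenge binary and not the author's code), here is a small C program with the same shape as the one described above: pick a random number, compare it to the winning one, branch to `winnerwinner` or `sorry`. The file name `lotto-demo.c` and the value of `WINNING_NUMBER` are constructed for the demo; build it with `gcc -g -O0 -o lotto-demo lotto-demo.c` and rehearse the same gdb steps on it, using the session in the trailing comment.

```c
/* Constructed practice target mirroring the sleighbell-lotto control flow.
   Build: gcc -g -O0 -o lotto-demo lotto-demo.c */
#include <stdio.h>
#include <stdlib.h>
#include <time.h>

#define WINNING_NUMBER 1225   /* constructed value, not from the real binary */

/* Neither outcome function depends on the comparison having actually passed,
   which is exactly why pointing rip straight at winnerwinner is enough.
   Both exit() rather than return, so arriving via a modified rip (with no
   sane return address on the stack) still ends cleanly. */
void winnerwinner(void) { puts("Winner winner! Here is your prize."); exit(0); }
void sorry(void)        { puts("Sorry, better luck next year.");      exit(1); }

/* Deterministic picker: the same seed always yields the same ticket. */
int pick_number(unsigned int seed) {
    srand(seed);
    return rand() % 10000;
}

/* The single comparison that gates the prize. A breakpoint here is the
   point where `info registers` shows rip about to fall through to sorry. */
int check_ticket(int pick, int winning) {
    return pick == winning;
}

int main(void) {
    int pick = pick_number((unsigned int)time(NULL));
    printf("Your ticket: %d\n", pick);
    if (check_ticket(pick, WINNING_NUMBER))
        winnerwinner();
    else
        sorry();
    return 0;
}
/* gdb session to rehearse the bypass on this build (symbols make it easier
   than hunting for the cmp in a stripped binary):
     gdb ./lotto-demo
     (gdb) break check_ticket
     (gdb) run
     (gdb) finish               # returns 0 for a losing ticket
     (gdb) print winnerwinner   # shows the function's address
     (gdb) set $rip = <that address>    # equivalent: jump winnerwinner
     (gdb) continue
   Defensive takeaway: a check that only selects a branch is skippable by
   anyone who controls the process, so the decision and the prize should not
   both live in a client-side binary. */
```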
---
Back to [[_WebSite Publish/CTF/CTF Index|CTF Index]]
Tags: #ctf #reverse_engineering #gdb
Related: