09 November 2014

Easy Overflow - 40

Is the sum of two positive integers always positive?
nc vuln2014.picoctf.com 50000
'nc' is the Linux netcat command. Try running it in the shell.
The rhetorical question in the beginning is actually a good hint by implying that, sometimes in Java, adding a number to another number will make it negative. Basic arithmetic and understanding of ints in Java are helpful in solving this problem.

Rather than running it in the shell, I decided to run it in the 'Terminal' (Mac). By opening 'Terminal' and typing in nc vuln2014.picoctf.com 50000, I was able to run the program. It looked like this:


The number I was given was 2884043 (note that a different number is generated each time), and it is asking for a positive number that, when added, will make it negative.

I needed to know what the maximum Integer value was for Java, because if a number is added to it, it immediately becomes negative. I typed 'max int java' in Google:


I discovered that the maximum Integer value in Java is 2^31 - 1, or 2147483647 when expanded.

One would assume that we'd subtract the given number from the maximum Integer value, but that is not the case because the sum would then be exactly the maximum Integer value, which is still a non-negative int. So instead, we'd have to subtract the given number from the maximum Integer value plus one, a.k.a. 2^31, or 2147483648 when expanded.

So, 2147483648 - 2884043 gave me 2144599605, which I entered into the Terminal.


The flag, which I highlighted, is That_was_easssy!
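
The arithmetic above reproduced in Java, next to two ways a program can refuse the wrapping sum. This is an added example, not code from the challenge or the original write-up; the class and method names are assumptions.

```java
public class EasyOverflow {
    // Smallest positive int that makes n + addend wrap past Integer.MAX_VALUE.
    // 2^31 does not fit in an int, so the subtraction is done in long.
    static int smallestWrappingAddend(int n) {
        if (n < 1) {
            throw new IllegalArgumentException("n must be positive");
        }
        return (int) ((1L << 31) - n);
    }

    // Pre-check for two non-negative ints: true when a + b would not fit in an int.
    // Written as a subtraction so the check itself cannot overflow.
    static boolean wouldOverflow(int a, int b) {
        return b > Integer.MAX_VALUE - a;
    }

    public static void main(String[] args) {
        int given = 2884043; // the number from the write-up; the server picks a new one each run
        int addend = smallestWrappingAddend(given);

        // Subtracting from MAX_VALUE only reaches MAX_VALUE, which is still positive.
        int notEnough = Integer.MAX_VALUE - given;
        System.out.println("given + (MAX - given)  = " + (given + notEnough));

        // One more than that wraps around to Integer.MIN_VALUE.
        System.out.println("addend                 = " + addend);
        System.out.println("given + addend (int)   = " + (given + addend));
        System.out.println("given + addend (long)  = " + ((long) given + addend));

        // Mitigation 1: test before adding.
        System.out.println("wouldOverflow          = " + wouldOverflow(given, addend));

        // Mitigation 2: Math.addExact throws instead of silently wrapping.
        try {
            Math.addExact(given, addend);
        } catch (ArithmeticException e) {
            System.out.println("Math.addExact rejected : " + e.getMessage());
        }
    }
}
```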