Opening the C file, we see that the file does not have the typical
gets function that is well known for its vulnerabilities. Instead the function we have to focus on it scanf. If you aren’t aware,
scanf does not have bound checking capability so if the input string is longer than the buffer size, then it will overflow.
Let’s test that out by making a quick test
flag.txt in the same directory as the Code executable. Now we will pass some arbirtuary input like:
We see the output below:
The flag is: