soal pwn

ku-ingin-lompat-sambil-jumping/return.c

@@ -0,0 +1,85 @@
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+
+int wallet = 18;
+char burung[8];
+
+void secret_message(){
+  system("/bin/sh");
+}
+void buy_flag(){
+  if(wallet < 999999999999) printf("kamu terlalu lemah dude :)\n");
+    else secret_message();
+}
+void jual_burung(){
+    char buffer[64];
+    getchar();
+    printf("burung apa yang kamu mau jual ?\n");
+    fgets(buffer, sizeof(buffer), stdin);
+    printf("yang kamu jual : ");
+    printf(buffer);
+    if(strcmp(buffer,"garuda") == 1 && strcmp(burung,"garuda") == 0){
+      printf("burung berhasil di jual\n");
+      wallet = wallet + 10;
+      memset(&burung[0], 0, sizeof(burung));
+    } else{ 
+      puts("not found !\n"); 
+      exit(0);
+    }
+}
+void menu(){
+  printf("+--------------------------------+\n");
+  printf("------------PASAR BURUNG----------\n");
+  printf("+--------------------------------+\n");
+  printf("1. beli flag (999999 ruby)\n");
+  printf("2. beli garuda (10 ruby)\n");
+  printf("3. lihat burung yang udah di beli\n");
+  printf("4. jual burung\n");
+  printf("5. check wallet\n");
+  printf("6. exit\n");
+}
+
+int main()
+{
+  while(1){
+  char pilihan;
+  menu();
+  printf(">>");
+  fflush(stdout);
+
+  scanf("%s",&pilihan);
+  switch(pilihan){
+    case '1' : 
+    buy_flag();
+    break;
+    case '2' :
+    if(wallet > 10){
+      printf("burung berhasil di beli\n");
+      wallet = wallet - 10;
+      strcpy(burung,"garuda");
+    } else printf("uang gak cukup!\n");
+    break;
+    case '3' :
+    if(strlen(burung) == 0) printf("belum ada yang kamu beli!\n");
+    else printf("burung yg dah di beli : %s\n",burung);
+    break;
+    case '4' :
+    jual_burung();
+    break;
+    case '5' :
+    printf("isi wallet : %d ruby\n",wallet);
+    break;
+    case '6' :
+    printf("makasih udah berkunjung :)\n");
+    exit(0);
+    break;
+    default :
+    fprintf(stderr,"bad request!\n");
+    exit(0);
+  }
+}
+
+}

ku-ingin-melompat/return.c

@@ -0,0 +1,73 @@
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+int wallet = 18;
+char burung[8];
+
+void secret_message(){
+  system("/bin/sh");
+}
+void buy_flag(){
+  if(wallet < 999999999999) printf("kamu terlalu lemah dude :)\n");
+    else secret_message();
+}
+void jual_burung(){
+    char buffer[64];
+    printf("burung apa yang kamu mau jual ?\n");
+    read(0,buffer,128);
+}
+void menu(){
+  printf("+--------------------------------+\n");
+  printf("------------PASAR BURUNG----------\n");
+  printf("+--------------------------------+\n");
+  printf("1. beli flag (999999 ruby)\n");
+  printf("2. beli garuda (10 ruby)\n");
+  printf("3. lihat burung yang udah di beli\n");
+  printf("4. jual burung\n");
+  printf("5. check wallet\n");
+  printf("6. exit\n");
+}
+
+int main()
+{
+  while(1){
+  char pilihan;
+  menu();
+  printf(">>");
+  fflush(stdout);
+
+  scanf("%s",&pilihan);
+  switch(pilihan){
+    case '1' : 
+    buy_flag();
+    break;
+    case '2' :
+    if(wallet > 10){
+      printf("burung berhasil di beli\n");
+      wallet = wallet - 10;
+      strcpy(burung,"garuda");
+    } else printf("uang gak cukup!\n");
+    break;
+    case '3' :
+    if(strlen(burung) == 0) printf("belum ada yang kamu beli!\n");
+    else printf("burung yg dah di beli : %s\n",burung);
+    break;
+    case '4' :
+    jual_burung();
+    break;
+    case '5' :
+    printf("isi wallet : %d ruby\n",wallet);
+    break;
+    case '6' :
+    printf("makasih udah berkunjung :)\n");
+    exit(0);
+    break;
+    default :
+    fprintf(stderr,"bad request!\n");
+    exit(0);
+  }
+}
+
+}

service-diary/buffer32.c

@@ -0,0 +1,40 @@
+#include <stdio.h>
+#include <string.h>
+#include <limits.h>
+
+void not_even_called(){
+  puts("\nWelcome Garuda Muda\n");
+  system("/bin/sh");
+}
+
+void tulisan(){
+puts("██████╗ ██╗ █████╗ ██████╗ ██╗   ██╗    ███████╗███████╗██████╗ ██╗   ██╗██╗ ██████╗███████╗");
+puts("██╔══██╗██║██╔══██╗██╔══██╗╚██╗ ██╔╝    ██╔════╝██╔════╝██╔══██╗██║   ██║██║██╔════╝██╔════╝");
+puts("██║  ██║██║███████║██████╔╝ ╚████╔╝     ███████╗█████╗  ██████╔╝██║   ██║██║██║     █████╗  ");
+puts("██║  ██║██║██╔══██║██╔══██╗  ╚██╔╝      ╚════██║██╔══╝  ██╔══██╗╚██╗ ██╔╝██║██║     ██╔══╝  ");
+puts("██████╔╝██║██║  ██║██║  ██║   ██║       ███████║███████╗██║  ██║ ╚████╔╝ ██║╚██████╗███████╗");
+puts("╚═════╝ ╚═╝╚═╝  ╚═╝╚═╝  ╚═╝   ╚═╝       ╚══════╝╚══════╝╚═╝  ╚═╝  ╚═══╝  ╚═╝ ╚═════╝╚══════╝\n");
+}
+
+int main()
+{
+  char a[4];
+  int b;
+  char c[16];
+
+  strcpy(a,"KSL");
+  b = 14045;
+
+  tulisan();
+  printf("Welcome to Diary Application \n");
+  printf("write something : ");
+  gets(c); 
+  if(strlen(c) > 20){
+    printf("karakter gak boleh lebih dari 20\n");
+  } else{ 
+    if(b == 0x67616c66) not_even_called();
+    else printf("isi diary kamu : %s\n",c);
+  }
+exit(0);
+}
+

service-diary/buffer64.c

@@ -0,0 +1,40 @@
+#include <stdio.h>
+#include <string.h>
+#include <limits.h>
+ 
+void not_even_called(){
+ printf("\nwelcome garuda muda\n");
+ system("/bin/sh");
+}
+
+void tulisan(){
+puts("██████╗ ██╗ █████╗ ██████╗ ██╗   ██╗    ███████╗███████╗██████╗ ██╗   ██╗██╗ ██████╗███████╗");
+puts("██╔══██╗██║██╔══██╗██╔══██╗╚██╗ ██╔╝    ██╔════╝██╔════╝██╔══██╗██║   ██║██║██╔════╝██╔════╝");
+puts("██║  ██║██║███████║██████╔╝ ╚████╔╝     ███████╗█████╗  ██████╔╝██║   ██║██║██║     █████╗  ");
+puts("██║  ██║██║██╔══██║██╔══██╗  ╚██╔╝      ╚════██║██╔══╝  ██╔══██╗╚██╗ ██╔╝██║██║     ██╔══╝  ");
+puts("██████╔╝██║██║  ██║██║  ██║   ██║       ███████║███████╗██║  ██║ ╚████╔╝ ██║╚██████╗███████╗");
+puts("╚═════╝ ╚═╝╚═╝  ╚═╝╚═╝  ╚═╝   ╚═╝       ╚══════╝╚══════╝╚═╝  ╚═╝  ╚═══╝  ╚═╝ ╚═════╝╚══════╝\n");
+}
+
+int main()
+{
+ char a[4];
+ int b;
+ char c[64];
+
+ strcpy(a,"KSL");
+ b = 14045;
+
+ tulisan();
+ printf("Welcome to Diary Application \n");
+ printf("write something : ");
+ gets(c);
+ if(strlen(c) > 20){
+   printf("karakter gak boleh lebih dari 20\n");
+ } else{
+   if(b == 0x67616c66) not_even_called();
+   else printf("isi diary kamu : %s\n",c);
+ }
+ exit(0);
+}
+