Solution by jsreynaud for Bonus Points

intro pwn x86/x64

9 December 2023

An executable and a Docker container are provided. Let's try the executable first:

$ ./bonuspoints
Hello, here you can get some bonus points for the competition.
You cannot get more than 100 bonus points.
If you go above 1000 you win.
Your score is currently 44
How many bonus points do you want?
>>> 1000
Stop cheating!

What do you mean, we can't have as many points as we want?

OK, the algorithm must check that we don't ask for more than 100 points. But what happens if we enter a negative number?

$ ./bonuspoints
Hello, here you can get some bonus points for the competition.
You cannot get more than 100 bonus points.
If you go above 1000 you win.
Your score is currently 3
How many bonus points do you want?
> -200
Your new score is 4294967099
Congratulations! Here is your flag:
cat: flag.txt: Aucun fichier ou dossier de ce type

4294967099: that is 3 - 200 = -197 displayed as an unsigned 32-bit value, so we are looking at a negative underflow… Let's try it remotely:

$ nc localhost 4000
Hello, here you can get some bonus points for the competition.
You cannot get more than 100 bonus points.
If you go above 1000 you win.
Your score is currently 60
How many bonus points do you want?
> -200
Your new score is 4294967156
Congratulations! Here is your flag:
FCSC{750882cf64feb04b384cfa42bbf2167eab337671e663ab238339c6cee884851d}
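
The binary's source is not shown in this write-up. The C code below is an added example, not the challenge's code: it assumes a check that only tests the upper bound with a signed comparison and stores the score as an unsigned 32-bit value, which reproduces the outputs above, and sets it beside a hardened version. All function and constant names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_BONUS 100
#define WIN_SCORE 1000u

/* Assumed shape of the flawed check: only the upper bound is tested, and the
 * signed bonus is then added to an unsigned 32-bit score. */
static int add_bonus_flawed(uint32_t score, int32_t bonus, uint32_t *out)
{
    if (bonus > MAX_BONUS)
        return -1;                      /* "Stop cheating!" */
    *out = score + (uint32_t)bonus;     /* a negative bonus wraps modulo 2^32 */
    return 0;
}

/* Hardened form: reject negative input and refuse a sum that would wrap. */
static int add_bonus_checked(uint32_t score, int32_t bonus, uint32_t *out)
{
    if (bonus < 0 || bonus > MAX_BONUS)
        return -1;
    if (score > UINT32_MAX - (uint32_t)bonus)
        return -1;                      /* addition would overflow */
    *out = score + (uint32_t)bonus;
    return 0;
}

/* "If you go above 1000 you win." */
static int wins(uint32_t score) { return score > WIN_SCORE; }

int main(void)
{
    uint32_t s = 0;
    /* Scores 3 and 60 with input -200 are the two runs shown above. */
    if (add_bonus_flawed(3, -200, &s) == 0)
        printf("flawed:  3 + (-200) -> %u, win=%d\n", (unsigned)s, wins(s));
    if (add_bonus_flawed(60, -200, &s) == 0)
        printf("flawed: 60 + (-200) -> %u, win=%d\n", (unsigned)s, wins(s));
    if (add_bonus_checked(3, -200, &s) != 0)
        puts("checked: -200 rejected");
    return 0;
}
```

The fix is to validate both ends of the range before any arithmetic, and to keep the comparison and the stored value in types that cannot silently change sign.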