Tokyohot N0541 _hot_ Today

def register(s): menu(s) s.sendall(b'1\n') recvuntil(s, b'Name: ') s.sendall(b'A'*8 + b'\n') recvuntil(s, b'Password: ') s.sendall(b'B'*8 + b'\n')

#define _GNU_SOURCE #include <stdio.h> #include <stdlib.h> #include <string.h> #include <unistd.h>

def get_flag(s): menu(s) s.sendall(b'3\n') flag = recvuntil(s, b'\n') print(flag.decode()) tokyohot n0541

(CTF challenge, binary exploitation / reverse‑engineering) 1. Overview | Category | Service | Difficulty | Points | |----------|---------|------------|--------| | Binary / Reversing | tokyohot – n0541 | Medium‑Hard | 452 |

To confirm this, I printed the address of user->pwd after registration: def register(s): menu(s) s

def menu(s): recvuntil(s, b'> ')

void menu(void) puts("\n--- TokyoHot ---"); puts("1) Register"); puts("2) Login"); puts("3) Show secret"); puts("4) Exit"); printf("> "); def register(s): menu(s) s.sendall(b'1\n') recvuntil(s

void register_user(void)