String You Along (ASD CTF 2023)

g00bert
Sep 9, 2023

Challenge Description: You can B whatever you want to B.

Basic Recon

When we connect to the instance, we see a simple program that asks for an index and replaces the character at that index with a ‘B’ in a string of ‘A’s.

Source Code Review

Looking at the source code, we see:

As we can see here, our input will be changing the character array edit_me.

This array includes a null byte terminator (‘\x00’) in the final index.

This is because a string in C is a character array with a null byte at the end that tells the program where to stop. When the program reads the character array as a string, it reads it character by character until it reaches a null byte terminator.

Exploit

Knowing that the program is supposed to terminate the string at index 63, what if we replace the null byte with a different value?

And we get the flag!

The idea is that since we removed the initial string terminator, the program will think the string has not ended and will continue reading characters beyond the end of the initial array until it reaches another string terminator, which in this case is found in the flag character array.
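A minimal C sketch of the behaviour described above, added here as an example and not the challenge's source: the struct layout (flag buffer directly after edit_me), the function names and the flag value are assumptions. It puts an index check that lets index 63 through next to one that reserves that byte for the terminator, and measures how far a string read would run in each case.

```c
#include <stdio.h>
#include <string.h>

#define EDIT_LEN 64  /* 63 'A's plus the terminator at index 63, as in the write-up */

/* Assumed layout: the flag buffer sits directly after edit_me in memory. */
struct chal {
    char edit_me[EDIT_LEN];
    char flag[32];
};

static void chal_init(struct chal *c) {
    memset(c, 0, sizeof *c);
    memset(c->edit_me, 'A', EDIT_LEN - 1);            /* index 63 stays '\0' */
    strcpy(c->flag, "FLAG{constructed_placeholder}"); /* constructed value */
}

/* Flawed check (assumed): accepts every index in the array, terminator included. */
static int set_b_unchecked(struct chal *c, long idx) {
    if (idx < 0 || idx >= EDIT_LEN) return -1;
    c->edit_me[idx] = 'B';
    return 0;
}

/* Hardened check: the last byte is reserved for the terminator. */
static int set_b_checked(struct chal *c, long idx) {
    if (idx < 0 || idx >= EDIT_LEN - 1) return -1;
    c->edit_me[idx] = 'B';
    return 0;
}

/* Bytes a "%s"-style read starting at edit_me would walk before hitting '\0',
   measured with a bounded scan over the struct so the demo stays in bounds. */
static size_t visible_len(const struct chal *c) {
    const char *base = (const char *)c;
    const char *nul = memchr(base, 0, sizeof *c);
    return nul ? (size_t)(nul - base) : sizeof *c;
}

int main(void) {
    struct chal c;
    chal_init(&c);
    printf("before: %zu bytes\n", visible_len(&c));
    set_b_unchecked(&c, 63);
    printf("unchecked edit at 63: %zu bytes\n", visible_len(&c));
    chal_init(&c);
    printf("checked edit at 63 -> %d\n", set_b_checked(&c, 63));
    return 0;
}
```

Independently of the index check, printing with a precision bound such as `printf("%.*s", EDIT_LEN - 1, c.edit_me)` keeps the read inside the array even if the terminator is lost.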
