We can start off by running ltrace, which runs a command and intercepts dynamic library & sys calls.

ltrace -i -C ./baby

We’re prompted and can start off by inserting random value, e.g. asd.

A call to strcmp is intercepted by ltrace.

strcmp("asd\n", "ab[REDACTED]13\n")

Let’s start by trying to pass ab[REDACTED]13.

In this case it was just that simple, and we receive the flag.


There were probably a lot of additional ways this one could have been solved, and I think I got lucky by starting in this direction.