Enumeration & Exploitation Challenge 2 - Breads

Prompt

Some folks take their bread very seriously, especially our adversaries. What is their favorite type of bread?


Answers

Q1 (10 pts) - What language is this program written in?
C++

Q2 (20 pts) - How many variables are declared in the main function?
6

Q3 (25 pts) - What 3 header files are included in the program? Answer in the following format: <header1>, <header2>, <header3>. i.e. <test1>, <test2>, <test3>. The order doesn’t matter, and you do not need to include the angle brackets.
iostream, string, algorithm

Q4 (20 pts) - How many unique responses to user input will the program output, not including the line that says “You chose: X”?
6

Q5 (25 pts) - What is the flag obtained when you enter the correct type of bread?
SKY-CAKE-4113


Steps I Took

I started by giving the executable permission to run. Then I launched it to see what it did.

I downloaded Ghidra, imported the file, and ran the analysis tool. Once everything was loaded, I started by searching through the symbol tree.

I navigated to Functions and then to main. From the decompiler output, I could see how the program responded to different inputs.

At first, I thought focaccia was the correct answer because of how the condition was written, but it did not produce the expected result. After reviewing the code again, I realized I had missed the actual answer path.

For Q1, I confirmed that main.cpp indicated the program was written in C++.

For Q4, I counted each distinct response and got 6.

For Q2, the decompiler listed the variables at the top, which gave me 6.

Q3 was the point where I struggled the most, because the answer was less obvious if you do not already know the code structure.

I reviewed common C++ headers to confirm what I was seeing in the decompiled output.

Then I searched through the program until I found iostream, string, and algorithm.
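
The Q1 and Q3 checks can also be scripted. The following is an added example, not part of the original write-up or the challenge: it pulls printable strings out of a binary and maps GCC/Clang mangled symbol names to the headers that declare them. The marker table, function names and sample bytes are assumptions constructed for illustration.

```python
import re

# Itanium C++ ABI (GCC/Clang) name fragments mapped to the header that
# declares them. Heuristic picked for this example, not an exhaustive list.
MARKERS = {
    "iostream": ("_ZSt4cout", "_ZSt3cin", "_ZNSt8ios_base4InitC1Ev"),
    "string": ("basic_stringIc",),
}
# Function templates from <algorithm> that leave a symbol when not inlined.
ALGORITHM_FUNCS = {"transform", "find", "find_if", "sort", "reverse", "count"}
# "_ZSt" <len> <name> "I" ... is an instantiation of the template std::<name>.
STD_NAME = re.compile(r"_ZSt(\d+)([A-Za-z_]\w*)")

def extract_strings(data, min_len=4):
    """Return printable-ASCII runs, like the `strings` utility."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]

def looks_like_cpp(strings):
    """Mangled names or libstdc++ references point to C++ rather than C."""
    return any(s.startswith("_Z") or "GLIBCXX_" in s or "libstdc++" in s
               for s in strings)

def infer_headers(strings):
    """Return the sorted list of headers suggested by the symbol names."""
    found = set()
    for s in strings:
        for header, needles in MARKERS.items():
            if any(n in s for n in needles):
                found.add(header)
        for m in STD_NAME.finditer(s):
            length, rest = int(m.group(1)), m.group(2)
            name, after = rest[:length], rest[length:length + 1]
            if after == "I" and name in ALGORITHM_FUNCS:
                found.add("algorithm")
    return sorted(found)

# Constructed sample: NUL-separated strings as they might sit in an ELF file.
SAMPLE = b"\x7fELF\x02\x01\x01\x00" + b"\x00".join([
    b"libstdc++.so.6", b"GLIBCXX_3.4.21", b"_ZSt4cout", b"_ZSt3cin",
    b"_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEC1Ev",
    b"_ZSt9transformIN9__gnu_cxx17__normal_iteratorIPcNSt7__cxx1112"
    b"basic_stringIcSt11char_traitsIcESaIcEEEEES9_PFiiEET0_T_SD_SC_T1_",
    b"main.cpp",
]) + b"\x00"

if __name__ == "__main__":
    found = extract_strings(SAMPLE)
    print("C++:", looks_like_cpp(found), "headers:", infer_headers(found))
```

On a stripped binary the imported symbols such as `_ZSt4cout` usually remain in the dynamic symbol table, while local template instantiations are typically gone, so a missing `algorithm` hit does not prove the header was not used.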