Archive Writeup CTF #1.5: 2019 ICTFF UITM prep

This is part of a series called Archive CTF

Here's the map if you somehow want to access all of the series: The map

The Divider

I did say that I did not come into ICTFF 2019 empty-handed.

There were 2 questions given by my leader to warm up for the competition (which, as far as I remember, focused on web stuff only).

The problem is that these questions fall into a different category, Reverse Engineering.

Ok, Reverse Engineering is where you analyze the low-level structure of an application, using specialized tools like IDA and Ghidra, usually to get the flag.

This skillset can also be used in Malware Analysis, since you need to understand the low-level workings of a piece of malware to understand how it operates.

Although this sounds so damn cool, as of the time of writing my RE experience is based only on these two questions; I haven't exactly progressed since then.

You can access these two questions here if you want to try getting the flags yourself:

https://drive.google.com/drive/folders/1SKIn_z3BSEgDwBe3spe-SzwpsNeX5KQT?usp=sharing

But, as the title suggests, I will do a writeup of these two questions here:

crackmefirst.exe

As you can see from the name, this is an .exe file.

So you can run it on Windows.

You get this if you run it:



Let us open it in IDA and see the result:



So, the flag here is SotongCelupTepungCicahSosThai

But after I enter this flag, the program just closes.

Let us scroll further down in IDA:


As you can clearly see, the real flag is Unit6{j3n0000ht3k4}

I have no idea how to get this flag by interacting with the program itself.
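The trick used above, reading the program's string table and spotting the decoy next to the real flag, can be reproduced with a few lines of code. This added example is mine, not code from the writeup or from the challenge: it scans a byte buffer for runs of printable ASCII, which is what the Unix strings tool and IDA's Strings window do. The sample buffer is constructed for the demo; the only parts taken from the writeup are the two strings seen in the IDA screenshots.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define MAX_STRINGS 16
#define MAX_STRLEN  64

/* Scan a byte buffer for runs of printable ASCII (0x20..0x7E) of at least
 * min_len characters, the same idea as the Unix `strings` tool or IDA's
 * Strings window. Each run is copied into out[]; returns how many were found. */
size_t extract_strings(const unsigned char *buf, size_t len, size_t min_len,
                       char out[][MAX_STRLEN], size_t max_out)
{
    char cur[MAX_STRLEN];
    size_t run = 0, found = 0;

    /* Iterate one past the end so a run that touches the end of the buffer
     * is still flushed. */
    for (size_t i = 0; i <= len; i++) {
        int printable = i < len && buf[i] >= 0x20 && buf[i] <= 0x7E;
        if (printable && run < MAX_STRLEN - 1) {
            cur[run++] = (char)buf[i];
            continue;
        }
        /* Run ended: a non-printable byte, end of input, or cur is full. */
        if (run >= min_len && found < max_out) {
            cur[run] = '\0';
            memcpy(out[found++], cur, run + 1);
        }
        run = 0;
        if (printable)              /* cur was full: this byte starts a new run */
            cur[run++] = (char)buf[i];
    }
    return found;
}

/* Constructed sample "binary": a fake header, a prompt, some stray code bytes,
 * and the two strings the writeup spotted in IDA (decoy first, real flag later). */
static const unsigned char sample_binary[] =
    "\x7f" "ELF\x02\x01\x01\x00"
    "Enter flag: \x00"
    "SotongCelupTepungCicahSosThai\x00"
    "\x48\x89\xe5\x00"
    "Unit6{j3n0000ht3k4}\x00";

int main(void)
{
    char hits[MAX_STRINGS][MAX_STRLEN];
    size_t n = extract_strings(sample_binary, sizeof sample_binary, 4, hits, MAX_STRINGS);
    for (size_t i = 0; i < n; i++)
        printf("%2zu: %s\n", i, hits[i]);
    return 0;
}
```

With a minimum length of 4 the three-byte "ELF" is skipped, just as the real strings tool does by default; lowering min_len to 3 surfaces it. A string that merely exists in the binary is not necessarily the one the program checks, which is exactly the decoy situation the first crackme sets up.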



crackmesecond

Unlike before, you don't know the format of this file.

So we need to open the file in IDA's Hex View-1 tab to see its file signature (the first 3 or 4 bytes of the file).

You can also use HxD (a free hex editor) for this.

You'll get:


You get .ELF

To find out what file type this is, go to Gary Kessler's file signatures website (https://www.garykessler.net/library/file_sigs.html).

If we search for .ELF on Gary Kessler's website, we get this:


An executable file for Linux. Basically the Linux equivalent of an .exe file.
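Here is that hex-view check written as code. This is an added example, not code from the writeup or from the challenge: it reads the first bytes of a buffer and matches them against the two signatures relevant here, the ELF magic 0x7F 'E' 'L' 'F' (0x7F is not printable, which is why the hex view shows it as .ELF) and the 'MZ' header of a Windows executable such as crackmefirst.exe. The sample headers are constructed, not bytes from the challenge files, and the function names are mine.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Classify an executable from its leading bytes ("magic"), the same check
 * you do by eye in IDA's Hex View or in HxD. Returns a short label. */
const char *identify_magic(const unsigned char *buf, size_t len)
{
    /* ELF: 0x7F 'E' 'L' 'F' at offset 0 (0x7F is non-printable, so a hex
     * viewer shows it as '.ELF'). Byte 4 (EI_CLASS) is 1 for 32-bit, 2 for 64-bit. */
    if (len >= 5 && buf[0] == 0x7F && memcmp(buf + 1, "ELF", 3) == 0) {
        if (buf[4] == 1) return "ELF 32-bit";
        if (buf[4] == 2) return "ELF 64-bit";
        return "ELF (unknown class)";
    }
    /* Windows PE executable (.exe/.dll): the DOS stub begins with 'M' 'Z'. */
    if (len >= 2 && buf[0] == 'M' && buf[1] == 'Z')
        return "PE/DOS executable (MZ)";
    return "unknown";
}

/* Read the first bytes of a file on disk and classify it. */
const char *identify_file(const char *path)
{
    unsigned char buf[16];
    FILE *f = fopen(path, "rb");
    if (!f) return "cannot open";
    size_t n = fread(buf, 1, sizeof buf, f);
    fclose(f);
    return identify_magic(buf, n);
}

/* Constructed sample headers for demonstration; not bytes from the challenge files. */
static const unsigned char sample_elf64[] = { 0x7F, 'E', 'L', 'F', 2, 1, 1, 0 };
static const unsigned char sample_elf32[] = { 0x7F, 'E', 'L', 'F', 1, 1, 1, 0 };
static const unsigned char sample_pe[]    = { 'M', 'Z', 0x90, 0x00 };
static const unsigned char sample_text[]  = { 'h', 'e', 'l', 'l', 'o' };

int main(int argc, char **argv)
{
    if (argc > 1) {                     /* ./a.out <file> checks a real file */
        printf("%s: %s\n", argv[1], identify_file(argv[1]));
        return 0;
    }
    printf("sample_elf64: %s\n", identify_magic(sample_elf64, sizeof sample_elf64));
    printf("sample_elf32: %s\n", identify_magic(sample_elf32, sizeof sample_elf32));
    printf("sample_pe:    %s\n", identify_magic(sample_pe, sizeof sample_pe));
    printf("sample_text:  %s\n", identify_magic(sample_text, sizeof sample_text));
    return 0;
}
```

On Linux the file command performs the same lookup for you (file crackmesecond). The class byte is worth noting before you try to run anything: a 32-bit dynamically linked ELF will not start on a 64-bit VM unless 32-bit libraries are installed, and a freshly downloaded file often lacks the execute bit, so chmod +x crackmesecond is needed before ./crackmesecond will run at all.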

So we need to boot up a Linux VM to finish this part.

Last time I used Parrot OS on VirtualBox, but that VM is corrupted now.

Now let us try Kali Linux on VMware (p/s: the background of this distro looks kinda smooth here).

You just open the drive link and download the file inside your distro.


And to keep things clear, we'll move the file to the desktop.



So I tried the command ./<filename> on my Kali.

So I booted Parrot OS and re-ran the file with the same command.

But it still did not work...

Let us open the file in IDA for more clarity.

Well, it's kinda the same as the first question; let us scroll further.

Ok, we've got the flag, but what is %s?
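%s is a printf format specifier: a placeholder that the program fills in at run time with a separate string argument. The format string and the value it prints are stored as two different strings in the binary, which is why IDA lists %s near, but not inside, the flag text. The example below is added here and is not code from the writeup or the challenge; the function names are mine and the flag value is a made-up placeholder.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Expand a format string that takes one %s argument into out[], exactly as
 * printf would. Returns the number of characters written (without the NUL),
 * or -1 if the result did not fit. Illustrative helper, not from the challenge. */
int render_with_s(char *out, size_t out_len, const char *fmt, const char *value)
{
    int n = snprintf(out, out_len, fmt, value);
    if (n < 0 || (size_t)n >= out_len)
        return -1;
    return n;
}

/* Count the %s conversions in a format string. Handles the bare "%s" form and
 * the "%%" escape only; flags and width modifiers are out of scope here. */
int count_s_conversions(const char *fmt)
{
    int count = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '\0')
            break;
        if (*p == '%')
            continue;          /* "%%" prints a literal percent sign */
        if (*p == 's')
            count++;
    }
    return count;
}

/* Placeholder flag, made up for this example. In a compiled program this
 * literal and the "%s" format below live at different addresses, which is
 * what a disassembler's strings listing reflects. */
static const char example_flag[] = "flag{placeholder_not_the_real_one}";

int main(void)
{
    char line[80];
    /* The data goes through a %s argument, never as the format itself:
     * printf(example_flag) would treat any '%' inside the data as a directive. */
    if (render_with_s(line, sizeof line, "Correct! The flag is %s\n", example_flag) > 0)
        fputs(line, stdout);
    printf("conversions: %d\n", count_s_conversions("Correct! The flag is %s\n"));
    return 0;
}
```

So when you see %s in the strings window, the interesting value is whatever the program passes as the matching argument, not the format string itself.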

// Stuck on how to run the ELF file. My pal did it, but it's been such a long time that I've forgotten how.



This is precisely the reason I opened this blog: to avoid this specific situation.

But hey, even in failure we learn something.
