🌌
N/B Writeups
  • CTF Writeups
  • CTFs
    • 2019
      • OverTheWire Advent
    • 2020
      • Midnight Sun
      • Things I learned from DarkCTF
  • Pwnable.kr
    • 01 - fd
    • 02 - col
    • 03 - bof
    • 04 - flag
    • 05 - passcode
    • 06 - random
    • 07 - input
    • 08 - leg
    • 09 - mistake
    • 10 - Shellshock
    • 11 - coin1
    • 12 - blackjack
    • 13 - lotto
    • 14 - cmd1
    • 15 - cmd2
    • 16 - uaf
    • 17 - memcpy
    • 18 - asm
    • 20 - blukat
    • 21 - horcruxes
    • 33 - echo1
    • 34 - echo2
    • 43 - coin2
  • More Pwn
    • Protostar - format4
  • Lord of SQLI
    • Lord of SQLI
Powered by GitBook
On this page
  • The Challenge
  • The Solution
  • Unpacking
  • Debugging

Was this helpful?

  1. Pwnable.kr

04 - flag

Previous03 - bofNext05 - passcode

Last updated 4 years ago

Was this helpful?

The Challenge

Papa brought me a packed present! let's open it.

Download:

This is a reversing task. all you need is binary

The Solution

Unpacking

running the binary outputs this:

NO input, just this. Opening a debugger won't help, this binary is packed. It is hinted in the challenge description and confirmed if one tries to debug this monstrosity.

To find how the binary was packed run the strings command, and look for strings longer than 30 characters [this number was chosen arbitrary, not too short and not too long].

To examine the file we need to unpack it using UPX.

Debugging

The main function looks like this

They told the truth, It seems the flag is really copied to a malloced location.

We'll set a breakpoint after the copying and examine the memory marked as "flag".

http://pwnable.kr/bin/flag