😆 nc 13.113.205.160 21700 heXDump-78a4bcbc095a3231c5caf30ce4c6ddf4c77d4c33.rb We are given a ruby script:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 |
#!/usr/bin/env ruby # encoding: ascii-8bit # frozen_string_literal: true require 'English' require 'fileutils' require 'securerandom' FLAG_PATH = File.join(ENV['HOME'], 'flag') DEFAULT_MODE = "sha1sum %s | awk '{ print $1 }'" def setup STDOUT.sync = 0 STDIN.sync = 0 @mode = DEFAULT_MODE @file = '/tmp/' + SecureRandom.hex FileUtils.touch(@file) @key = output("sha256sum #{FLAG_PATH} | awk '{ print $1 }'").strip raise if @key.size != 32 * 2 end def menu <<~MENU 1) write 2) read 3) change output mode 0) quit MENU end def output(cmd) IO.popen(cmd, &:gets) end def write puts 'Data? (In hex format)' data = gets return false unless data && !data.empty? && data.size < 0x1000 IO.popen("xxd -r -ps - #{@file}", 'r+') do |f| f.puts data f.close_write end return false unless $CHILD_STATUS.success? true end def read unless File.exist?(@file) puts 'Write something first plz.' return true end puts output(format(@mode, @file)) true end def mode_menu <<~MODE Which mode? - SHA1 - MD5 - AES MODE end def change_mode puts mode_menu @mode = case gets.strip.downcase when 'sha1' then "sha1sum %s | awk '{ print $1 }'" when 'md5' then "md5sum %s | awk '{ print $1 }'" when 'aes' then "openssl enc -aes-256-ecb -in %s -K #{@key} | xxd -ps" else DEFAULT_MODE end end def secret FileUtils.cp(FLAG_PATH, @file) true end def main_loop puts menu case gets.to_i when 1 then write when 2 then read when 3 then change_mode when 1337 then secret else false end end setup begin loop while main_loop puts 'See ya!' ensure FileUtils.rm_f(@file) end |
Write operation allows us to write to the temporary file created and read operation prints out the content of the file as md5/sha1 hashed or aes256 encrypted using… Continue Reading →
There’s not really much I can say about this challenge… The bytes speak for themselves. Good luck!!! nc chall2.2019.redpwn.net 4008 srnr Let’s look at the file information first.
|
1 2 |
$ file ./srnr ./srnr: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=90432bf8c5b636b2f3f5d156ab368fd032bfc92d, not stripped |
It is a dynamically linked ELF 64-bit executable. Now, let’s look… Continue Reading →
can you login to this secret_login program cbe1369d57cd131d6d5b1787d02511c6.zip Let’s look at the file information first.
|
1 2 |
$ file reverse_q reverse_q: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=e80026c2c5e2fb97d997aed44527bd5e79c78566, not stripped |
Let’s run the program once to see what it does.
|
1 2 3 4 5 6 7 8 9 10 11 12 |
$ ./reverse_q --------------------------------------- | CBM-CTF | Reversing is not that much easy --------------------------------------- Choose an option 1 = Register 2 = Login 2 Enter username AAAA User Does not Exist |
It has register and login features. After decompiling it, I noticed the following… Continue Reading →
You’ve got one silver bullet, pull the triggle carefully! nc 37.139.17.37 7331 Let’s check the file information first.
|
1 2 |
$ file Silver_Bullet Silver_Bullet: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=4e82d2545f78e6611f83f48a98f2ad3a90d4d03b, stripped |
The file is an ELF 32-bit LSB executable. Let’s look at its protections.
|
1 2 3 4 5 6 |
$ checksec Silver_Bullet Arch: i386-32-little RELRO: Full RELRO Stack: No canary found NX: NX enabled PIE: No PIE (0x8048000) |
Its stack is not executable. Let’s decompile… Continue Reading →
Ayo, Johhny’s got your take from the job. Go meet up with em’ to claim your share. Oh, and stop asking to see the Mona Lisa alright. It’s embarrassing nc 18.191.244.121 12345 lisa Let’s check the file information first.
|
1 2 |
$ file lisa lisa: ELF 32-bit LSB pie executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=7f2cd300a5518deec5cb00e27dae466022fdacd9, not stripped |
Copyright © 2020 PwnDiary