The first 3 RE challenges were very simple. Of the 4 others, 3 were Windows RE and 1 was an APK file.
I could solve only the first 3.
Getit - 50 Points challenge
In this challenge I couldn't understand the disassembly much. I was just stepping through the code in GDB. I saw a string comparison, and above that a string was being moved to edi. It turned out to be the flag. :-)
0x40081c <main+198>: movsxd rbx,eax
0x40081f <main+201>: mov edi,0x6010e0
0x400824 <main+206>: call 0x4005e0 <strlen@plt>
=> 0x400829 <main+211>: cmp rbx,rax
The flag was stored at address 0x6010e0, which was moved into rdi.
We can see it with:
x/s $rdi
Flag :
SharifCTF{b70c59275fcfa8aebf2d5911223c6589}
RepairMe - 100 Points challenge
I don't know why they gave this challenge. I got the flag while just executing it.
Flag :
SharifCTF{98ad7e41c78b7df41cb2ad0c17c61408}
SCrack - 150 Points challenge
In this challenge you either have to give the right input to get the flag, or you can get the flag directly by examining the disassembly. I chose the second way. Starting from the following address, convert each hex value that is moved into esi to a character. The first character will be 'S'. Repeat the same process until you have the whole flag.
0x0000000000400c50 <+515>: mov esi,0x53
0x0000000000400c55 <+520>: mov edi,0x6021c0
0x0000000000400c5a <+525>: call 0x4008e0 <_ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_c@plt>
0x0000000000400c5f <+530>: mov esi,0x68
0x0000000000400c64 <+535>: mov rdi,rax
0x0000000000400c67 <+538>: call 0x4008e0 <_ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_c@plt>
Finally you will get the flag as:
SharifCTF{ed97d286f356dadb5cde0902006c7deb}
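The manual conversion described for SCrack can be scripted. This is an added example, not part of the original post: it parses only the six disassembly lines quoted above, so it recovers just the first two characters, and the function name chars_written is an assumption.

```python
import re

# Mangled name of std::operator<<(std::ostream&, char), copied from the listing above.
PUT_CHAR = "_ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_c"

# The six SCrack disassembly lines quoted in this post (GDB `disassemble` format).
LISTING = """\
0x0000000000400c50 <+515>: mov esi,0x53
0x0000000000400c55 <+520>: mov edi,0x6021c0
0x0000000000400c5a <+525>: call 0x4008e0 <_ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_c@plt>
0x0000000000400c5f <+530>: mov esi,0x68
0x0000000000400c64 <+535>: mov rdi,rax
0x0000000000400c67 <+538>: call 0x4008e0 <_ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_c@plt>
"""

# address, <symbol+offset>, mnemonic, operands; tolerates GDB's "=>" current-line marker
LINE = re.compile(r"^(?:=>)?\s*0x[0-9a-f]+\s+<[^>]*>:\s+(\w+)\s*(.*)$", re.I)
MOV_ESI_IMM = re.compile(r"^esi,\s*(0x[0-9a-f]+)$", re.I)


def chars_written(listing):
    """Return the characters passed as immediates to operator<<(ostream&, char)."""
    out = []
    pending = None  # constant currently known to be in esi, if any
    for raw in listing.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        mnemonic, operands = m.group(1).lower(), m.group(2).strip()
        if mnemonic == "mov":
            imm = MOV_ESI_IMM.match(operands)
            dest = operands.split(",")[0].strip().lower()
            if imm:
                pending = int(imm.group(1), 16)
            elif dest in ("esi", "rsi", "si", "sil"):
                pending = None  # esi overwritten with a non-constant value
        elif mnemonic == "call":
            # Only a call to the char-insertion operator consumes the constant.
            if PUT_CHAR in operands and pending is not None:
                out.append(chr(pending))
            pending = None  # rsi is caller-saved, so its value is unknown after any call
    return "".join(out)


if __name__ == "__main__":
    print(chars_written(LISTING))
```

Feeding it the full `disassemble` output of the function, instead of the excerpt, applies the same rule to every character-output call.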