Vulnerability Hunting with Ghidra

Craig Young
2 min read · Apr 16, 2023


One of the more common uses I’ve had for Ghidra over the years has been identifying and understanding vulnerabilities in compiled code. The process can be very challenging but also rewarding. Finding vulnerabilities through reverse engineering requires both technical mastery of the tooling and a keen eye for spotting slight mistakes.

For this week’s Black Hat USA 2023 ‘A Guide To Reversing With Ghidra’ preview, I am sharing a sample program on the topic of vulnerability hunting. This example gives students a functional program with a subtle and exploitable bug. Unlike the previous examples I’ve shared on Medium, in which you were looking for intentionally obfuscated code (a crackme or a backdoored library), this program is intended to simulate a simple mistake a developer could make. No attempt has been made to hide the flaw beyond the fact that it is buried within a couple hundred lines of C code.

UPDATE 3/2/24: Registration is currently open for “A Basic Guide to Bug Hunting with Ghidra” at Black Hat USA 2024. The two-day class will be offered August 3–4 and again August 5–6.

You can download the challenge file from: https://secur3.us/GhidraFiles/wopr

It is a 64-bit ELF for Linux and requires libsqlite3 and libcrypto to run.

In case you didn’t catch it from the filename, this is a WarGames themed challenge where the goal is to gain access to the game ‘global-thermonuclear-war’. Keen readers will likely be able to find the password, but the goal here is to find a way to access the game without entering a username and password.

The program itself implements a REPL in which the user can enter commands to get help, log in, play, or quit. Until you log in, the only game available should be ‘tic-tac-toe’, which is definitely worth a try:

wopr challenge opened in Ghidra
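Before reading a couple hundred lines of decompiled C top to bottom, it helps to triage where the binary hands data to classic risky C library functions and start the review from those call sites. The Ghidra script below is an added example for this post, not code from the original article or from the wopr challenge. The list of sink names is my own starting point (an assumption) and should be extended with the APIs of whatever libraries the target links; it lists every direct call site of the chosen sinks and dumps the decompiled body of each distinct caller once.

```java
// FindRiskySinks.java -- a Java GhidraScript, run from Ghidra's Script Manager.
// Lists every direct call site of classic unsafe C library functions in the
// current program and prints the decompiled body of each distinct caller once.
// Added example for this post; the SINKS list is an assumption to be tuned for
// the target (for example, add the database or crypto APIs the binary imports).
//@category VulnHunting
import java.util.LinkedHashMap;
import java.util.Map;
import ghidra.app.decompiler.DecompInterface;
import ghidra.app.decompiler.DecompileResults;
import ghidra.app.script.GhidraScript;
import ghidra.program.model.address.Address;
import ghidra.program.model.listing.Function;
import ghidra.program.model.symbol.Reference;

public class FindRiskySinks extends GhidraScript {

    // Functions whose misuse commonly causes memory corruption or command
    // injection: unbounded copies first, then bounded ones that are still often
    // called with the wrong length, then raw reads and command execution.
    private static final String[] SINKS = {
        "gets", "strcpy", "strcat", "sprintf", "vsprintf", "scanf", "sscanf",
        "memcpy", "strncpy", "strncat", "snprintf", "read", "system", "popen"
    };

    @Override
    protected void run() throws Exception {
        // caller entry point -> Function, kept in discovery order
        Map<Address, Function> callers = new LinkedHashMap<>();
        int total = 0;

        for (String sink : SINKS) {
            // For an ELF import, Ghidra creates a thunk function named after the
            // import at its PLT stub; CALL instructions in the program target it.
            for (Function sinkFn : getGlobalFunctions(sink)) {
                for (Reference ref : getReferencesTo(sinkFn.getEntryPoint())) {
                    if (!ref.getReferenceType().isCall()) {
                        continue; // skip data references such as GOT pointer loads
                    }
                    Address from = ref.getFromAddress();
                    Function caller = getFunctionContaining(from);
                    String callerName = caller == null ? "<no function>" : caller.getName();
                    println(String.format("%s  %-8s  called from %s", from, sink, callerName));
                    total++;
                    if (caller != null) {
                        callers.putIfAbsent(caller.getEntryPoint(), caller);
                    }
                }
            }
        }
        println(String.format("%d call sites in %d functions", total, callers.size()));

        // Decompile each distinct caller once. The C output is where a slight
        // mistake (wrong bound, unchecked length, missing terminator) shows up.
        DecompInterface decomp = new DecompInterface();
        try {
            if (!decomp.openProgram(currentProgram)) {
                printerr("decompiler failed to open program: " + decomp.getLastMessage());
                return;
            }
            for (Function caller : callers.values()) {
                if (monitor.isCancelled()) {
                    break;
                }
                DecompileResults res = decomp.decompileFunction(caller, 30, monitor);
                if (res == null || !res.decompileCompleted()) {
                    printerr("could not decompile " + caller.getName());
                    continue;
                }
                println("==== " + caller.getName() + " @ " + caller.getEntryPoint() + " ====");
                println(res.getDecompiledFunction().getC());
            }
        } finally {
            decomp.dispose();
        }
    }
}
```

Run it against the analyzed binary and work through the console output from the smallest caller upward; the script only finds direct references, so calls made through function pointers will not appear, and it makes no judgment about argument sizes. Deciding whether a given call is actually wrong is still the reviewer's job, which is the part of the exercise that matters.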

I hope you have enjoyed reading and will consider trying this challenge on your own. If you run into problems, don’t hesitate to reach out via the comments on this post or via Twitter @CraigTweets.

Join Me At Black Hat To Learn More

As always, I hope you have enjoyed reading this post and learned something. If you found this interesting and want to learn more, please consider joining me in Vegas this summer for ‘A Guide to Reversing with Ghidra’. The class is offered twice, Saturday/Sunday and Monday/Tuesday. Early-bird pricing is still available but spaces are limited, so please reserve your space today!

Weekend Class Registration

Monday/Tuesday Registration



Craig Young

I’m a 15-year veteran of the infosec industry with 200+ CVEs, two USENIX papers, a Pwnie award, and a bunch of bounties to my name. Currently teaching Ghidra.