Hi everyone. This is part 2 of how we solved the lolbinary forensics challenge. In this post, I will discuss how I reverse engineered the extracted binary and figured out how to obtain the flag from the C2 server.
While doing initial static analysis, I noted that there is a base64-encoded PE file in the resource section of the binary. We can easily spot this since “TVqQAA” is consistent with the base64-encoded form of the MZ header’s first few bytes.
Hi everyone! In this post, I will discuss how I solved the reversing challenge Elfish Flag at the recently concluded TGHACK 2019.
The challenge is a typical crackme that requires figuring out the desired input, which is also the flag for the challenge. It’s quite easy compared to other reversing challenges, so beginners can surely follow this one.
Let’s get to it.
Simply running the file will ask the user for some input.
orion@mint ~/Desktop/2019_TGHACK/elfish_flag $ ./elfish.elf
Hello and welcome to my flagcheck challenge!
Enter the flag to solve this task!
...How? That is your task to solve! Have fun! …
Hello everyone. This is my write-up for solving the RE challenges for the recently concluded Encrypt CTF 2019.
All challenge binaries and scripts used in this write-up are hosted on my GitHub repo.
This is the first challenge and is the easiest one of the four. Running the Linux file command reveals that the file is an ELF 64-bit binary.
orion@mint ~/Desktop/2019_EncryptCTF/RE $ file crackme01
crackme01: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=c31f7314bf75e828205cb9140096882d56e23e43, stripped
Next, loading the binary into a disassembler like IDA reveals the flag in the input comparison routine. …
Hello everyone. This is my write-up for solving the RE challenge AutomateMe for the recently concluded Securinets Prequals CTF 2019. This is one of the easier challenges and it doesn’t really require that much reversing. We just have to figure out how the algorithm works, take note of some patterns, and create a simple automation script to solve the challenge. The files associated with this challenge can be downloaded from my GitHub repo.
Let’s dive in.
Running the Linux file command against the binary tells us that this is an ELF 64-bit binary.
orion@mint ~/Desktop/2019_Securinets/Reversing/AutomateMe $ file bin
bin: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, …