Hi everyone. This is part 2 of how we solved the lolbinary forensics challenge. In this post, I will discuss how I reverse engineered the extracted binary and figured out how to obtain the flag from the C2 server.

Woot. First blood!

While doing initial static analysis, I noted that there is a base64-encoded PE file in the resource section of the binary. This is easy to spot because “TVqQAA” is the base64 encoding of the first few bytes of the MZ header.


Hi everyone! In this post, I will discuss how I solved the reversing challenge Elfish Flag on the recently concluded TGHACK 2019.


The challenge is a typical crackme challenge that requires figuring out the desired input which is also the flag for the challenge. It’s quite easy compared to other reversing challenges so beginners can surely follow this one.

Let’s get to it.

Simply running the file will ask the user for some input.

orion@mint ~/Desktop/2019_TGHACK/elfish_flag $ ./elfish.elf  
Hello and welcome to my flagcheck challenge!
Enter the flag to solve this task!
...How? That is your task to solve! Have fun! …

Hello everyone. This is my write-up for solving the RE challenges for the recently concluded Encrypt CTF 2019.

Board wipe! Shout-out to nats and ar33zy for solving the first two.

All challenge binaries and scripts used in this write-up are hosted on my Github repo.

crackme01

This is the first challenge and is the easiest one of the four. Running the Linux file command reveals that the file is an ELF 64-bit binary.

orion@mint ~/Desktop/2019_EncryptCTF/RE $ file crackme01
crackme01: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=c31f7314bf75e828205cb9140096882d56e23e43, stripped

Next, loading the binary in a disassembler like IDA reveals the flag in the input comparison routine. …


Hello everyone. This is my write-up for solving the RE challenge AutomateMe for the recently concluded Securinets Prequals CTF 2019. This is one of the easier challenges and it doesn’t really require that much reversing. We just have to figure out how the algorithm works, take note of some patterns, and create a simple automation script to solve the challenge. The files associated with this challenge can be downloaded at my Github repo.

Let’s dive in.

Initial analysis

Running the Linux file command on the binary tells us that this is an ELF 64-bit binary.

orion@mint ~/Desktop/2019_Securinets/Reversing/AutomateMe $ file bin
bin: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, …

About

oR10n

Forensicator. RE n00b. Co-founder of hackstreetboys.
