CSCAMP CTF 2012 - Exploit 100


This was more of a reversing puzzle than an exploitation one. The binary takes a password as its command-line parameter. If the password is correct, it cats key.txt; if not, it tells you the key is wrong. The key is stored byte-by-byte in the program and is assembled dynamically at runtime. After assembly, the program compares the supplied password with the one on its stack.

solvee100.py:

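import struct
import sys


def main():
    # The four dwords of the assembled key as read off the stack.
    stack_dump = [0x38343664, 0x39366537, 0x64386562, 0x00313538]
    ans = b""

    for i in stack_dump:
        # "<I" packs each dword as little-endian (x86 byte order).
        ans += struct.pack("<I", i)

    # Write raw bytes; works on both Python 2 and Python 3.
    getattr(sys.stdout, "buffer", sys.stdout).write(ans)


if __name__ == "__main__":
    main()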

Running this on our local machine:

amon@Alyx:~/cscamp/exp100$ ./level100
useage : ./level100
amon@Alyx:~/cscamp/exp100$ ./level100 wrongkey
Wrong key, try harder
amon@Alyx:~/cscamp/exp100$ ./level100 `python solvee100.py`
Congratulation, let me grab you content of key.txt
cat: ./key.txt: No such file or directory
amon@Alyx:~/cscamp/exp100$
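
Why the stack dump in the script decodes to the password: the sketch below is an added example, not the challenge's code, that assembles the key byte by byte into a stack buffer, compares it with the argument, and reads the same buffer back as little-endian 32-bit words. The function names and the use of strcmp are assumptions; the key bytes are the ones the dwords in solvee100.py decode to.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_LEN 15  /* "d6487e69be8d851", decoded from the stack dump above */

/* Hypothetical reconstruction of the pattern: the key never appears as one
 * string literal; each byte is stored into a stack buffer individually. */
static void assemble_key(char buf[KEY_LEN + 1])
{
    buf[0]  = 'd'; buf[1]  = '6'; buf[2]  = '4'; buf[3]  = '8';
    buf[4]  = '7'; buf[5]  = 'e'; buf[6]  = '6'; buf[7]  = '9';
    buf[8]  = 'b'; buf[9]  = 'e'; buf[10] = '8'; buf[11] = 'd';
    buf[12] = '8'; buf[13] = '5'; buf[14] = '1'; buf[15] = '\0';
}

/* Returns 1 when the supplied password matches the assembled key. */
int check_key(const char *supplied)
{
    char key[KEY_LEN + 1];
    assemble_key(key);
    return strcmp(supplied, key) == 0;
}

/* Reads the assembled buffer the way a debugger shows it: as 32-bit
 * little-endian words (x86 byte order, computed explicitly here so the
 * result does not depend on the host). */
uint32_t key_dword(size_t index)
{
    char key[KEY_LEN + 1];
    const unsigned char *p;
    assemble_key(key);
    p = (const unsigned char *)key + 4 * index;
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

int main(int argc, char **argv)
{
    size_t i;
    for (i = 0; i < (KEY_LEN + 1) / 4; i++)
        printf("0x%08x\n", (unsigned)key_dword(i));
    if (argc == 2)
        puts(check_key(argv[1]) ? "match" : "Wrong key, try harder");
    return 0;
}
```

Assembling the key at runtime keeps it out of a plain strings listing, but the complete plaintext still sits in the stack frame at the moment of the comparison.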
