2013년 6월 18일 화요일

Defcon 21 CTF Quals - policebox writeup

Two files are given below,

policebox: ELF 32-bit LSB executables, Intel 80386
core: ELF 32-bit LSB core file Intel 80386

and the core file contains a record.

with gdb, a simple solution can be derived as follows:


zemisolsol@ubuntu:~$ gdb ./policebox -q
Reading symbols from /home/zemisolsol/policebox...(no debugging symbols found)...done.
(gdb) record restore core
[New LWP 17170]
warning: .dynamic section for "/lib/i386-linux-gnu/libc.so.6" is not at the expected address (wrong library or version mismatch?)
warning: .dynamic section for "/lib/ld-linux.so.2" is not at the expected address (wrong library or version mismatch?)
Core was generated by `policebox'.
#0  0x08048621 in main ()
Restored records from core file /home/zemisolsol/core.
#0  0x08048621 in main ()
(gdb) b *main+123
Breakpoint 1 at 0x8048699
(gdb) disp/x $eax
1: /x $eax = 0x1
(gdb) c
Continuing.

Breakpoint 1, 0x08048699 in main ()
1: /x $eax = 0x77
(gdb) c
Continuing.

Breakpoint 1, 0x08048699 in main ()
1: /x $eax = 0x30
(gdb) c
Continuing.

Breakpoint 1, 0x08048699 in main ()
1: /x $eax = 0x72
(gdb)

Breakpoint 1, 0x08048699 in main ()
1: /x $eax = 0x6c
(gdb)
Continuing.

Breakpoint 1, 0x08048699 in main ()
1: /x $eax = 0x64
(gdb)
Continuing.

Breakpoint 1, 0x08048699 in main ()
1: /x $eax = 0x73
(gdb)
Continuing.
.
.
.


So, the key is "w0rlds.w0rst.k3yl0gger!"

댓글 1개:

  1. Very exclusive blog about def con. Quite interesting and nice topic chosen for the post Nice Post keep it up.



    DEF CON 24 - Chris Rock

    답글삭제