pwn

Cyber Apocalypse 2023

Questionnaire

Solved by Legend

Challenge description

It’s time to learn some things about binaries and basic c. Connect to a remote server and answer some questions to get the flag.

In this challenge we are given a binary along with it’s source code test.c

Executing the binary asks for a payload which we don’t have so I looked into the C code that was provided.

Going through the C code we can see that the flag is in the gg() function but it’s never called from either main() or vuln() function so we can not get the flag from this. And there is also the comment stating that we need to connect to the challenge with netcat.

Once connected it shows that there will be simple questionnaire to get the flag along with theory of information required to solve a simple binary challenge.

The 0x1 question is to check the bit for the binary . We already ran file on the binary and got the answer that is 64-bit.

In 0x2 question is to check the linking of the binary. Again using the file command we can get the answer that is dynamic.

In 0x3 it’s asking it’s stripped or not stripped binary. Again using file and the answer is not stripped.

In 0x4 they are asking the protections enabled in the binary. Using checksec we can get the answer NX.

In 0x5 the are asking the custom function getting called in main(). We saw from the code that it’s vuln().

In 0x6 it’s asking the size of the buffer. Answer is 0x20 which is written in the C code.

In 0x7 it’s asking the function which never get’s called. The answer is gg() as we saw initially.

In 0x8 it’s asking the name of function which could trigger Buffer Overflow. Answer is fgets() written in the C code.

In 0x9 it’s asking after how many input of bytes the Segmentation fault will occur. Answer is 40 we can manually test it by giving the input to the binary.

In 0xa question they are asking the address of the function gg. We can get this using p gg and the answer is 0x401176. Once we enter the final answer it will print out the flag.

Published on : 27 Mar 2023