Hackvent 2019: Day 10

11 Dec 2019
CTF: Hackvent 2019
Link to challenge:
Date Completed: 11 December 2019


HV19.10 Guess what



We are provided with an ELF binary so the first thing we do is run in in a Linux virtual machine.

The binary prompts us for some input and then tells us we have failed!

Example with input of test:

We look at the strings in the binary for some clues:

We observe how the string  Your input  and  nooooh. try harder! don’t appear as strings.

It is reasonable to assume obfuscation is used at this point to conceal some strings.
We decide to load up the program in one shell and, while its open waiting for input, check the process status output in another shell:

The original binary essentially delegates to calling execve on /bin/bash with the above command but we abuse the fact that it is all in memory to easily fetch our flag!

Flag:  HV19{Sh3ll_0bfuscat10n_1s_fut1l3}

No Comments

Posted in Hackvent 2019


Leave a Reply