hackyoutoo ctf bin 200 writeup

String analysis shows what the binary expects: a usage format and two text files [file.txt and hobbit.txt].




On executing (hobbit.exe R1ght_l0g1n P5rf5ct_passw0rd), a file.txt is created which doesn't contain the flag. There is a check for whether 2 arguments are passed on the executable's command line.


As 'file.txt' doesn't contain the flag, we need to force the control flow towards the creation of 'hobbit.txt'. Using IDA's cross-referencing functionality, it's clear that this would happen when either the username or password doesn't match the ones embedded inside the binary [R1ght_l0g1n, P5rf5ct_passw0rd].

Now there is a routine that compares the username and password with 'Hobbit' and 'There_and_back_again' and, if they match, creates a file called hobbit.txt.




On executing (hobbit.exe Hobbit There_and_back_again), hobbit.txt is created with the flag - J.R.R.Tolkien
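
The string-analysis step at the start of this writeup, as an added example that is not part of the original post or the challenge binary: a small `strings`-style extractor run over a constructed byte buffer. The buffer's layout, its usage text and the UTF-16LE string are assumptions; it goes slightly beyond the post by also recovering UTF-16LE strings, which Windows binaries commonly contain.

```python
import re

# Constructed sample standing in for the binary's data section. The literals are
# the ones named in the writeup; the usage text, byte layout and the UTF-16
# string are assumptions made for this example.
SAMPLE = (
    b"\x00\x01\x02usage: hobbit.exe <login> <password>\x00\x90\x90"
    b"R1ght_l0g1n\x00P5rf5ct_passw0rd\x00file.txt\x00\x01\x02"
    + "wide_sample".encode("utf-16-le") + b"\x00\x00\x01"
    + b"Hobbit\x00There_and_back_again\x00hobbit.txt\x00"
)

ASCII_RUN = rb"[\x20-\x7e]{%d,}"          # runs of printable ASCII bytes
WIDE_RUN = rb"(?:[\x20-\x7e]\x00){%d,}"   # UTF-16LE, common in Windows binaries


def extract_strings(data, min_len=4):
    """Return sorted (offset, encoding, text) tuples for printable runs."""
    found = []
    for pattern, enc in ((ASCII_RUN, "ascii"), (WIDE_RUN, "utf-16-le")):
        for m in re.finditer(pattern % min_len, data):
            found.append((m.start(), enc, m.group().decode(enc)))
    return sorted(found)


def triage(strings):
    """Split extracted strings into file names, usage text and other literals."""
    groups = {"files": [], "usage": [], "literals": []}
    for _, _, text in strings:
        if re.fullmatch(r"[\w.-]+\.(txt|log|dat|ini)", text):
            groups["files"].append(text)
        elif text.lower().startswith("usage"):
            groups["usage"].append(text)
        else:
            # Remaining literals are the candidates for compared constants.
            groups["literals"].append(text)
    return groups


if __name__ == "__main__":
    for offset, enc, text in extract_strings(SAMPLE):
        print(f"{offset:#06x} {enc:9} {text}")
    print(triage(extract_strings(SAMPLE)))
```

Both credential pairs land in the `literals` group next to the two file names, which is why comparison constants compiled into a binary in plain form do not stay secret.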
