destructeur's Sh4ll10



7:39 PM 05/05/2019


Unix/linux etc.


A little crackme so you don't forget that the only thing you can trust is assembler. You don't need to open a debugger for this one.

b3n on 10:37 PM 05/21/2019: Is the program supposed to segfault? Is the goal to fix the segfault?

destructeur on 11:45 AM 05/22/2019: Yes, the goal is to fix the segfault by submitting the good string. You don't need any patching or debugging for this one. You just need to read the main function to understand the Crackme. Good luck

b3n on 5:40 PM 05/23/2019: Thanks @destructeur, after your tip I was able to correct the segfault and become a "good boy". I'm curious to see the source, though, because the parameters for scanf seem so weird and threw me off the trail for a bit (73 xor 3 ?). Did you purposely do this, or was this some compiler optimization? Really enjoyed the crackme, thanks.

destructeur on 7:21 PM 05/23/2019: I did 's' (0x73) ^ 0x03 on purpose to throw you off so that if you read badly the routine, you could think that the scanf take the parameter '%s'. I don't know if it was your case. I usually don't upload the source code but it can be a good idea for my next crackmes.

b3n on 7:28 PM 05/23/2019: Yep, that little obfuscation threw me off for a bit. Thanks for the explanation.

destructeur on 7:32 PM 05/23/2019: No problem, Good job!

Bilbin on 5:18 AM 06/15/2019: I'll be honest. That scanf was pretty weird. Threw me off a bit, but I got it. Great beginner challenge.

Bilbin on 5:19 AM 06/15/2019: '"

Bilbin on 5:19 AM 06/15/2019: %27%22%3E%3Csvg%2Fonload%3D%22alert%28%29%22%3E

destructeur on 10:13 AM 06/15/2019: Good job Bilbin, but the goal is not to find a XSS on the comment section.