M4st4rCr4ck's H1dd4n Fl4g

Author:
M4st4rCr4ck

Language:
C/C++

Upload:
2024-01-12 17:12

Download

Platform:
Unix/linux etc.

Difficulty:
1.5

Quality:
3.5

Arch:
x86

Downloads:
33

Size:
44.05 KB

Writeups:
1

Comments:
7

Description

My F1rst S1mpl3 Cr4ckm3! ;D

Comments (7)
Writeups (1)

You must be logged in to post a comment

kill_your_soul on 2024-01-17 00:51: String "[!] D0 y0u th1nk 3v3ryth1ng 1s s0 s1mpl3?" is correct result of crackme?

cnathansmith on 2024-01-25 00:28: There's another function that prints the flag and a buffer overflow that's possible, but ASLR is enabled and I couldn't find any way to leak an address to construct an input that would trigger it. Obv you can just find the flag in the strings but I didn't think that was the point.

rootpalladium on 2024-01-27 08:52: [Click to reveal]

MHanak on 2024-01-30 21:12: i am a total beginner i know but if this is 0.2 above just opening a file in hex editor i am concerned about the scale reaching 6

cnathansmith on 2024-02-01 07:30: @MHanak You can run strings on it to get the flag, and the false flags are retrievable just from checking the memcmp arguments. My final solution overcomplicated it just because I saw an opportunity to do so and get an interesting result, but it wasn't strictly necessary. The difficulty ratings also tend to be fairly arbitrary. Just keep at it and push yourself to dig deep into anything you don't understand, and keep trying out different tools as you learn about them to understand what works best for you in different situations, and you'll be tearing into things left and right. It's just a lot of information to digest upfront.

AfkMaster on 2024-02-03 20:40: [Click to reveal]

codepin on 2024-04-19 07:54: when i followed the steps outline in the solution posted by @cnathansmith; i got this error message:: ''' (base) aa@codepin:~/ree$ python exploit.py [+] Starting local process './h1dd3n_fl4g': pid 7533 Traceback (most recent call last): File "/home/aa/ree/exploit.py", line 23, in print(r.recvuntil(b'[ ]', drop = 'true').decode('UTF-8')) File "/home/aa/anaconda3/lib/python3.10/site-packages/pwnlib/tubes/tube.py", line 341, in recvuntil res = self.recv(timeout=self.timeout) File "/home/aa/anaconda3/lib/python3.10/site-packages/pwnlib/tubes/tube.py", line 106, in recv return self._recv(numb, timeout) or b'' File "/home/aa/anaconda3/lib/python3.10/site-packages/pwnlib/tubes/tube.py", line 176, in _recv if not self.buffer and not self._fillbuffer(timeout): File "/home/aa/anaconda3/lib/python3.10/site-packages/pwnlib/tubes/tube.py", line 155, in _fillbuffer data = self.recv_raw(self.buffer.get_fill_size()) File "/home/aa/anaconda3/lib/python3.10/site-packages/pwnlib/tubes/process.py", line 688, in recv_raw raise EOFError EOFError ''' So i found out that the EOFerror comes up when there is nothing, no login nor password, received by the stream. I tried replacing the recvuntil() with the recvall() method to see if its not because of conflicting delimiters; os and the one provided for recvuntil. i got this error: ''' (base) aa@codepin:~/ree$ python exploit.py [+] Starting local process './h1dd3n_fl4g': pid 8234 [+] Receiving all data: Done (0B) [*] Process './h1dd3n_fl4g' stopped with exit code -11 (SIGSEGV) (pid 8234) b'' ''' According to this error, nothing is received from the process. May you please help me to fix this, please!!

Show all spoilers

You must be logged in to submit a writeup

Solution by cnathansmith on 2024-01-27 00:50:
Walk-through finding the fake response and then developing a buffer overflow to retrieve the real flag

Download

crackmes.one

crackmes.one

M4st4rCr4ck's H1dd4n Fl4g