Upload:
5:12 PM 01/12/2024
Description
My F1rst S1mpl3 Cr4ckm3! ;D
kill_your_soul on 12:51 AM 01/17/2024: Is the string "[!] D0 y0u th1nk 3v3ryth1ng 1s s0 s1mpl3?" the correct result of the crackme?
cnathansmith on 12:28 AM 01/25/2024: There's another function that prints the flag and a buffer overflow that's possible, but ASLR is enabled and I couldn't find any way to leak an address to construct an input that would trigger it.
Obv you can just find the flag in the strings but I didn't think that was the point.
rootpalladium on 8:52 AM 01/27/2024: [+] FLAG{B3ST_R3V3RS3R} I got this by "string exefile | less"
I think it is right.
MHanak on 9:12 PM 01/30/2024: I am a total beginner, I know, but if this is 0.2 above just opening a file in a hex editor, I am concerned about the scale reaching 6.
cnathansmith on 7:30 AM 02/01/2024: @MHanak You can run strings on it to get the flag, and the false flags are retrievable just from checking the memcmp arguments. My final solution overcomplicated it just because I saw an opportunity to do so and get an interesting result, but it wasn't strictly necessary.
The difficulty ratings also tend to be fairly arbitrary. Just keep at it and push yourself to dig deep into anything you don't understand, and keep trying out different tools as you learn about them to understand what works best for you in different situations, and you'll be tearing into things left and right. It's just a lot of information to digest upfront.
AfkMaster on 8:40 PM 02/03/2024: strings ./h1dd3n_fl4g
FLAG{B3ST_R3V3RS3R}
codepin on 7:54 AM 04/19/2024: When I followed the steps outlined in the solution posted by @cnathansmith, I got this error message:
```
(base) aa@codepin:~/ree$ python exploit.py
[+] Starting local process './h1dd3n_fl4g': pid 7533
Traceback (most recent call last):
File "/home/aa/ree/exploit.py", line 23, in
print(r.recvuntil(b'[ ]', drop = 'true').decode('UTF-8'))
File "/home/aa/anaconda3/lib/python3.10/site-packages/pwnlib/tubes/tube.py", line 341, in recvuntil
res = self.recv(timeout=self.timeout)
File "/home/aa/anaconda3/lib/python3.10/site-packages/pwnlib/tubes/tube.py", line 106, in recv
return self._recv(numb, timeout) or b''
File "/home/aa/anaconda3/lib/python3.10/site-packages/pwnlib/tubes/tube.py", line 176, in _recv
if not self.buffer and not self._fillbuffer(timeout):
File "/home/aa/anaconda3/lib/python3.10/site-packages/pwnlib/tubes/tube.py", line 155, in _fillbuffer
data = self.recv_raw(self.buffer.get_fill_size())
File "/home/aa/anaconda3/lib/python3.10/site-packages/pwnlib/tubes/process.py", line 688, in recv_raw
raise EOFError
EOFError
```
So I found out that the EOFError comes up when nothing, neither login nor password, is received by the stream.
I tried replacing recvuntil() with the recvall() method to see whether it was caused by conflicting delimiters (the OS's and the one provided to recvuntil).
I got this error:
```
(base) aa@codepin:~/ree$ python exploit.py
[+] Starting local process './h1dd3n_fl4g': pid 8234
[+] Receiving all data: Done (0B)
[*] Process './h1dd3n_fl4g' stopped with exit code -11 (SIGSEGV) (pid 8234)
b''
```
According to this output, nothing is received from the process.
Could you please help me fix this, please!!
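The two transcripts above show the same failure from two angles: pwntools raises EOFError when the process closes its side of the tube before the delimiter arrives, and the recvall() run makes the cause visible, since the process died with SIGSEGV having written 0 bytes. The following is an added debugging harness (not part of the posted solution, and not pwntools) that feeds input to a process, reads everything it writes, and reports whether the delimiter was seen or the child crashed and on which signal; the two child programs are constructed stand-ins for a target binary, not the crackme.

```python
import signal
import subprocess
import sys


def run_and_diagnose(argv, payload, delim, timeout=5.0):
    """Start argv, feed payload on stdin, read all output, and explain
    why the delimiter was or was not seen.  Assumes a POSIX host, where a
    negative return code means the child died from a signal."""
    proc = subprocess.Popen(argv, stdin=subprocess.PIPE,
                            stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
    try:
        out, _ = proc.communicate(payload, timeout=timeout)
    except subprocess.TimeoutExpired:
        proc.kill()
        out, _ = proc.communicate()
        return {"output": out, "found": delim in out,
                "returncode": None, "reason": "timeout"}
    rc = proc.returncode
    if delim in out:
        reason = "ok"
    elif rc < 0:
        # Same situation pwntools reports as 'exit code -11 (SIGSEGV)':
        # the child was killed by a signal before printing the prompt.
        reason = "crashed: " + signal.Signals(-rc).name
    elif not out:
        reason = "exited %d with no output" % rc
    else:
        reason = "delimiter not found in output"
    return {"output": out, "found": delim in out,
            "returncode": rc, "reason": reason}


# Constructed stand-ins for a target binary (hypothetical, not the crackme):
# one prints a prompt and reads a line, the other segfaults immediately.
PROMPTING_CHILD = [sys.executable, "-c",
                   "import sys; print('[ ] password:'); sys.stdout.flush(); "
                   "sys.stdin.readline()"]
CRASHING_CHILD = [sys.executable, "-c",
                  "import os, signal; os.kill(os.getpid(), signal.SIGSEGV)"]


if __name__ == "__main__":
    for child in (PROMPTING_CHILD, CRASHING_CHILD):
        print(run_and_diagnose(child, b"test\n", b"[ ]")["reason"])
```

Running the exploit's target through this harness with the same input tells you whether the delimiter ever appears, or whether the process is crashing before the first prompt, which is what the recvall() transcript indicates.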
Solution by cnathansmith:
Walk-through finding the fake response and then developing a buffer overflow to retrieve the real flag