Description: Learn how to interact with a process and solve the quiz.

nc ctf.k3rn3l4rmy.com 2200

Attachments: https://ctf.k3rn3l4rmy.com/kernelctf-distribution-challs/pwntools-intro/pwntools_intro https://ctf.k3rn3l4rmy.com/kernelctf-distribution-challs/pwntools-intro/badseed


Exploration

For this challenge we have a binary and a template file that demonstrates everything you need to know about the pwntools library to solve a basic pwn challenge.

What we want to do at the start is basically the same for every pwn challenge: check the obvious things first. We first need to know what type of file we're dealing with, so we run file badseed in our Linux terminal.


It's a 64-bit ELF that's not stripped, meaning that we can read the original function names. Now let's make it executable and run it to find out what we have to do.

$ chmod +x badseed
$ ./badseed
how heavy is an asian elephant on the moon?
idk
wrong bye bye

It looks like a quiz, which we already knew from the challenge description. But now we have to get the answers. With the strings command, we can easily check whether there are any hardcoded answers in the binary. We don't find any answers, but we do get other interesting strings!

$ strings badseed
...
how heavy is an asian elephant on the moon?
great 2nd question:
give me the rand() value
wrong bye bye
great 3rd question:
no hint this time... you can do it?!
great heres your shell
...

We now know the questions, and that the binary gives us a shell when we get all three questions right.
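The two facts read off file and strings above (64-bit ELF, not stripped, and the embedded quiz prompts) can be pulled straight out of the ELF headers. The script below is an added example, not part of the write-up; it triages a stand-in ELF64 blob that is constructed inline (not the real badseed), deciding "stripped" the same way file does, by the presence of a SHT_SYMTAB section.

```python
import re
import struct

SHT_SYMTAB = 2


def elf_triage(data: bytes) -> dict:
    """Report what `file badseed` told us: ELF class, endianness and whether
    the binary is stripped (no SHT_SYMTAB section header => stripped)."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = data[4] == 2                      # EI_CLASS: 1 = ELF32, 2 = ELF64
    end = "<" if data[5] == 1 else ">"       # EI_DATA: 1 = little, 2 = big endian
    if is64:
        (e_shoff,) = struct.unpack_from(end + "Q", data, 0x28)
        e_shentsize, e_shnum = struct.unpack_from(end + "HH", data, 0x3A)
        sh_fmt = end + "IIQQQQIIQQ"          # Elf64_Shdr, 64 bytes
    else:
        (e_shoff,) = struct.unpack_from(end + "I", data, 0x20)
        e_shentsize, e_shnum = struct.unpack_from(end + "HH", data, 0x2E)
        sh_fmt = end + "IIIIIIIIII"          # Elf32_Shdr, 40 bytes
    has_symtab = False
    for i in range(e_shnum):
        shdr = struct.unpack_from(sh_fmt, data, e_shoff + i * e_shentsize)
        if shdr[1] == SHT_SYMTAB:            # sh_type is the second field
            has_symtab = True
    return {"bits": 64 if is64 else 32,
            "endian": "little" if end == "<" else "big",
            "stripped": not has_symtab}


def strings(data: bytes, min_len: int = 4) -> list:
    """Same idea as the strings command: runs of printable ASCII."""
    return [m.decode() for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def build_sample_elf(stripped: bool) -> bytes:
    """Constructed stand-in for badseed (NOT the real file): an ELF64 little-endian
    header, the first quiz prompt embedded as data, and a section header table
    that either does or does not contain a .symtab entry."""
    prompt = b"how heavy is an asian elephant on the moon?\0"
    shnum = 1 if stripped else 2
    shoff = 0x40 + len(prompt)               # section headers follow the prompt
    ehdr = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)          # e_ident
    ehdr += struct.pack("<HHIQQQIHHHHHH", 2, 0x3E, 1, 0x400000, 0, shoff,
                        0, 0x40, 0, 0, 0x40, shnum, 0)
    shdrs = bytes(64)                                          # SHT_NULL entry
    if not stripped:
        shdrs += struct.pack("<IIQQQQIIQQ", 1, SHT_SYMTAB, 0, 0, 0, 0, 0, 0, 8, 24)
    return ehdr + prompt + shdrs
```

On the real binary, run elf_triage(open("badseed", "rb").read()) and strings(...) to compare against the file and strings output above.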

As I said earlier, try the obvious first. Let's run strace and ltrace to see if there are any interesting system or library calls. I was not able to get anything out of that, so now we have to disassemble the binary.

Disassembly

I'm going to use Ghidra for this, since it's free and it's able to convert the disassembled code into much more readable C code.

First, we import the binary into Ghidra and press all the analyze buttons.