pwnable.kr-flag

题目描述:

Papa brought me a packed present! let’s open it.

Download : http://pwnable.kr/bin/flag

This is reversing task. all you need is binary

下载下来之后file一下:

➜ Desktop file flag
flag: ELF 64-bit LSB executable, x86-64, version 1 (GNU/Linux), statically linked, stripped

64位的ELF,直接拖到IDA里面看看,发现只有三个函数,而且并不能正常打开,目测是加壳了。于是在里面瞎翻,发现了upx的关键字,果断upx -d flag把壳脱了。重新拖进IDA,发现代码很简单:

int __cdecl main(int argc, const char **argv, const char **envp)
{
  __int64 v3; // [email protected]

  puts("I will malloc() and strcpy the flag there. take it.", argv, envp);
  LODWORD(v3) = malloc(100LL);
  sub_400320(v3, flag);
  return 0;
}

malloc申请了一个100LL的地址,然后把flag复制进去了,直接查看flag的值,发现直接出现flag了:

UPX…? sounds like a delivery service 🙂

About the Author

admin

Leave a Reply

Your email address will not be published. Required fields are marked *