flag

Papa brought me a packed present! let's open it. Download : http://pwnable.kr/bin/flag This is reversing task. all you need is binary

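First, the file command reports the file type as ELF 64-bit LSB executable. Loading it in ida64 shows "sp-analysis failed", and the UPX marker is visible, so I inferred that the binary is packed with UPX. I downloaded upx391w on the spot and unpacked it directly on Windows. After unpacking, I loaded it in ida64 again; pressing F5 gives the following main function: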

int __cdecl main(int argc, const char **argv, const char **envp)
{
    puts((__int64)"I will malloc() and strcpy the flag there. take it.");
    malloc(100LL);
    sub_400320();
    return 0;
}

Looking directly at the assembly, these lines stand out:

.text:000000000040117B                 call       malloc
.text:0000000000401180                 mov     [rbp+var_8], rax
.text:0000000000401184                 mov     rdx, cs:flag

Use jump to operand on flag (press Enter) to jump to the data, which shows the following:

.data:00000000006C2070 flag            dq offset aUpx___?SoundsL ; DATA XREF: main+20r
.data:00000000006C2070                                         ; "UPX...? sounds like a delivery service ";...

Pressing Enter again on aUpx___?SoundsL shows the complete flag.
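The UPX inference made in the first step can also be checked statically before unpacking. The following is an added example, not code from the original post: the function names and the sample bytes are constructed for illustration, and the check is a heuristic that assumes a UPX-packed ELF carries the UPX! magic and usually has no section headers.

```python
import struct
import sys

UPX_MAGIC = b"UPX!"                                # magic of UPX's pack headers
UPX_BANNER = b"This file is packed with the UPX"   # text from UPX's $Info$ string

def upx_indicators(data: bytes) -> dict:
    """Collect static signs that an ELF image was packed with UPX."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is_64 = data[4] == 2                      # EI_CLASS: 1 = ELF32, 2 = ELF64
    endian = "<" if data[5] == 1 else ">"     # EI_DATA: 1 = little-endian
    # e_shnum sits at 0x3C in an ELF64 header and 0x30 in an ELF32 header.
    (e_shnum,) = struct.unpack_from(endian + "H", data, 0x3C if is_64 else 0x30)
    offsets, pos = [], data.find(UPX_MAGIC)
    while pos != -1:
        offsets.append(pos)
        pos = data.find(UPX_MAGIC, pos + 1)
    return {"elf64": is_64, "magic_offsets": offsets,
            "banner": UPX_BANNER in data, "no_sections": e_shnum == 0}

def looks_upx_packed(data: bytes) -> bool:
    """Heuristic: the magic plus one corroborating sign (banner or no sections)."""
    ind = upx_indicators(data)
    return bool(ind["magic_offsets"]) and (ind["banner"] or ind["no_sections"])

def make_elf64(shnum: int, body: bytes) -> bytes:
    """Build a constructed 64-byte ELF64 header followed by body (test data only)."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    header = struct.pack("<16sHHIQQQIHHHHHH", ident, 2, 0x3E, 1, 0x400000,
                         64, 0, 0, 64, 56, 1, 64, shnum, 0)
    return header + body

# Constructed samples, not bytes taken from the challenge binary.
PACKED = make_elf64(0, bytes(56) + UPX_MAGIC + bytes(8) +
                    b"$Info: This file is packed with the UPX executable packer $")
PLAIN = make_elf64(5, bytes(56) + b"ordinary .text and .data bytes")

if __name__ == "__main__":
    samples = {"PACKED": PACKED, "PLAIN": PLAIN}
    if len(sys.argv) > 1:                     # or inspect a real file instead
        with open(sys.argv[1], "rb") as fh:
            samples = {sys.argv[1]: fh.read()}
    for name, blob in samples.items():
        print(name, looks_upx_packed(blob), upx_indicators(blob))
```

Run with a file path as the only argument to inspect a real binary instead of the constructed samples.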
