Admin UI 2 | Google CTF 2018

Google CTF 2018

Admin UI 2

That first flag was a dud, but I think using a similar trick to get the full binary file might be needed here. There is a least one password in there somewhere. Maybe reversing this will give you access to the authenticated area, then you can turn up the heat… literally.

You can find my all CTF solution in here

In the first admin UI we find the ./main executable. Firstly we must the download the executable file with bellow command

echo -e “2\n../main” | nc -v mngmnt-iface.ctfcompetition.com 1337 > output

After that we must modified the output like bellow (we must delete hex code before .ELF).

After that, we can open executable with IDA.

After some research, I found secondary_login function in the binary. I don’t have the IDA Pro so that, I must read the assembly code. When I look at the below graph, I realize the for loop with given _ZL4FLAG.  In the for loop password array XOR with 0xC7. So, If I found the _ZL4FLAG and XOR with 0xC7. I can find the password. 🙂

I think this is the _ZL4FLAG value.

I run this value bellow python code.

 

CTF{Two_PasSworDz_Better_th4n_1_k?}

One thought on “Admin UI 2 | Google CTF 2018

  1. Does your site have a contact page? I’m having a tough
    time locating it but, I’d like to send you an e-mail. I’ve got
    some recommendations for your blog you might
    be interested in hearing. Either way, great blog and I look forward to seeing
    it improve over time.

Leave a Reply

Your email address will not be published. Required fields are marked *