Google CTF 2018
Admin UI 2
That first flag was a dud, but I think using a similar trick to get the full binary file might be needed here. There is a least one password in there somewhere. Maybe reversing this will give you access to the authenticated area, then you can turn up the heat… literally.
You can find my all CTF solution in here
In the first admin UI we find the ./main executable. Firstly we must the download the executable file with bellow command
echo -e “2\n../main” | nc -v mngmnt-iface.ctfcompetition.com 1337 > output
After that we must modified the output like bellow (we must delete hex code before .ELF).
After that, we can open executable with IDA.
After some research, I found secondary_login function in the binary. I don’t have the IDA Pro so that, I must read the assembly code. When I look at the below graph, I realize the for loop with given _ZL4FLAG. In the for loop password array XOR with 0xC7. So, If I found the _ZL4FLAG and XOR with 0xC7. I can find the password. 🙂
I think this is the _ZL4FLAG value.
I run this value bellow python code.
a = """84 93 81 BC 93 B0 A8 98 97 A6 B4 94 B0 A8 B5 83 BD 98 85 A2 B3 B3 A2 B5 98 B3 AF F3 A9 98 F6 98 AC F8 BA """
a = bytearray(a.replace(" ", "").replace("\n", "").decode('hex'))
b = ""
for c in a:
b += chr(c ^ 0xc7)