Steve programmed a service to authenticate him for administration purposes, take control...
Smells like a pwn challenge. We suck at pwn challenges. This wasn't a pwn challenge \o/
The file is an x64 binary. According to radare2, it first calls a login function, which reads a file, and the rest seems to be a classic fork() socket server.
The principal function, called by the server, is
It contains interesting strings like:
- Well done! Here is the flag: %s
- Please enter your username:
Some loops, some calls to strcmp, and
if you look carefully at what value is used for the
%d, you'll see that it's the return value of
The strcmp() function compares the two strings s1 and s2. It returns an integer less than, equal to, or greater than zero if s1 is found, respectively, to be less than, to match, or be greater than s2.
This allows us to cleverly bruteforce the login/password without reversing the binary further (modulo dirty tricks, but since it's a 200-point chall, there shouldn't be any). We were extra-lazy, and didn't bother to write a simple Python script.
Please enter your username: 4dM1N15TR4T0R
Username correct, what is the password? THEpasswordISreallyLONGbutYOUllGETtoTHEendOFitEVENTUALLY
Well done! Here is the flag: YoMamaIsLikeHTML,SmallHeadAndHugeBody
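
Why echoing strcmp()'s return value is fatal, as an added example (not code from the challenge binary or from this write-up): a local simulation in which the sign of the comparison alone recovers a secret in a handful of queries per character, next to a check that returns only yes/no. The secret, the function names and the printable-ASCII range are assumptions made for the demo.

```c
#include <stdio.h>
#include <string.h>

/* Constructed secret for the demo; not a value from the challenge. */
static const char SECRET[] = "s3cr3t-Demo";
static unsigned long queries;

/* Leaky check: hands the caller strcmp()'s ordering, as the service's %d does. */
static int check_leaky(const char *guess) {
    int r = strcmp(SECRET, guess);
    queries++;
    return (r > 0) - (r < 0);
}

/* Hardened check: yes/no only, and the loop never exits early on a mismatch. */
static int check_hardened(const char *guess) {
    size_t n = strlen(guess), m = sizeof SECRET - 1;
    unsigned char diff = (unsigned char)(n != m);
    for (size_t i = 0; i < m; i++)
        diff |= (unsigned char)(SECRET[i] ^ guess[i < n ? i : n]);
    return diff == 0;
}

/* Rebuild SECRET from check_leaky() alone and return the number of queries.
   Assumes printable ASCII; out must hold cap bytes. */
static unsigned long recover(char *out, size_t cap) {
    queries = 0;
    out[0] = '\0';
    if (check_leaky(out) == 0) return queries;
    for (size_t i = 0; i + 1 < cap; i++) {
        int lo = 0x20, hi = 0x7e;
        while (lo < hi) {                 /* binary search on the sign */
            int mid = (lo + hi + 1) / 2;
            out[i] = (char)mid; out[i + 1] = '\0';
            if (check_leaky(out) >= 0) lo = mid; else hi = mid - 1;
        }
        out[i] = (char)lo; out[i + 1] = '\0';
        if (check_leaky(out) == 0) break; /* 0 means the whole string matched */
    }
    return queries;
}

int main(void) {
    char buf[64];
    unsigned long q = recover(buf, sizeof buf);
    printf("leaky: recovered \"%s\" in %lu queries\n", buf, q);
    printf("hardened: a wrong guess only yields %d\n", check_hardened("guess"));
    return 0;
}
```

With only a yes/no answer the same 11-character secret sits in a space of 95^11 candidates; the ordering leak cuts that to at most 8 queries per character.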