- Details
- Written by Michael Bann
This was an exploit challenge that serves as a nice introduction to the concept of Stack Smashing Protector leaking.
$ file checker
checker: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.24, BuildID[sha1]=93df47896b068ea44ddcd0b97780375cd589987e, not stripped
- Details
- Written by Michael Bann
Category: Forensics Points: 50 Solves: Description:
Is kill can fix? Sign the autopsy file?
In this challenge we get a file named "kill.pcapng". However, running wireshark on will not open it:
- Details
- Written by Michael Bann
This reversing challenge is a good example of how you can solve a problem a few different ways. I initially solved this challenge symbolically (which i believe is the easiest way, actually). However, the challenge can also be solved dynamically which is what the authors intended. I will go over both solutions here.
$ file neophyte_reversing_ccabcc8f0b9900638a75017f2d6dc029
neophyte_reversing_ccabcc8f0b9900638a75017f2d6dc029: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 2.6.24, BuildID[sha1]=f382dd94583c7310bc8b3dd538e9e604f5a6ee38, stripped
- Details
- Written by Michael Bann
$ file tyro_heap_29d1e9341f35f395475bf16aa988e29b
tyro_heap_29d1e9341f35f395475bf16aa988e29b: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 2.6.24, BuildID[sha1]=b9cc5866c5aacc7a4c92657f5c2b14a95eae68cb, not stripped
Looks like a nice 32-bit executable, symbols still intact. Given the name, this has something to do with exploiting a heap bug. Best thing to do is just play with the binary.