
Thursday, June 3, 2021

Offensive Lab : simple Format string challenge

Hi all,

Today I will write about a very easy challenge from Offensive LAB that you can solve either with reverse engineering or by exploiting a format string in the binary, so let's look together at how:

 

You can download the challenge from the main website: https://www.theoffensivelabs.com/p/infosec-challenges

First, let's do some binary verification:

Yes, it's a 64-bit binary for Linux, with header (not stripped), so reverse engineering is possible:

 

So the entry point of the program is well determined, that's nice, but before starting the binary under a debugger let's try the strings command:

 

Nothing but the word surrounded in blue; maybe it will be part of the key 😐

I have to try a normal execution of the program:

 

It seems that the binary just prints your input. Great, it's debugger time:

 

When we check the disassembly of main, we see three function calls: strcat twice and printf.

strcat: concatenates two strings, so for sure these calls are used to construct the key.

printf: just prints our input on the command line.

 

When debugging the binary, we can clearly see that the first strcat adds the word "MyS" to a location in memory: 0x7ffffffee26e

In the second strcat, we see it adds the word "3scr3t" to the same memory location.

So the key is : MyS3scr3t

Nice, the key is found, but where is the format string vulnerability in the binary? 😋

 

Waaaw, that's not printing our input; it prints something from the binary, and it is part of the secret key.

This, in simple terms, is a format string vulnerability: it leaks some information from the binary that is not intended to be reached by the user. Yaaaah, amazing, right?

But how to print the complete secret key ?

First, let's get the memory address that can be leaked:

 

Now we are going to change the leaked memory to %s:

Horaaah challenge done 
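
Why this happens and how it is fixed, as an added example that is not code from the challenge binary or from this post: a C sketch that assumes the program builds the key with the two strcat calls seen above and then hands user input to the formatter as the format string, shown beside the corrected call. The function names and the sample input are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Added example: function names are assumptions, not symbols from the challenge.
   The vulnerable call trips -Wformat-security, the compiler check for this bug
   class; it is silenced here only so the "before" version builds everywhere. */
#pragma GCC diagnostic ignored "-Wformat-security"

/* As seen in the disassembly: two strcat calls assemble the key on the stack. */
static void build_key(char *key)
{
    key[0] = '\0';
    strcat(key, "MyS");
    strcat(key, "3scr3t");
}

/* BEFORE: the input is used as the format string, so every % directive in it
   is interpreted by the formatter instead of being echoed back. */
int echo_vulnerable(const char *input, char *out, size_t n)
{
    char key[16];
    build_key(key);                 /* secret lives near the formatter's arguments */
    return snprintf(out, n, input);
}

/* AFTER: constant format string; the input is only ever treated as data. */
int echo_fixed(const char *input, char *out, size_t n)
{
    char key[16];
    build_key(key);
    return snprintf(out, n, "%s", input);
}

int main(void)
{
    char out[64];
    const char *input = "100%% done";   /* constructed sample input */

    echo_vulnerable(input, out, sizeof out);
    printf("vulnerable: %s\n", out);    /* directive was interpreted */
    echo_fixed(input, out, sizeof out);
    printf("fixed:      %s\n", out);    /* input echoed byte for byte */
    return 0;
}
```

Building with -Wformat -Werror=format-security rejects the "before" call at compile time once the pragma is removed.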

Thank you for reading, and don't forget to share with your friends and encourage us with a nice comment.

You can keep learning by browsing all my posts for beginner hackers.


Kind regards 

OffensiveNoob


 
