hacking-blogposts/1/strings.md
2025-05-07 20:09:09 +02:00

---
search:
  exclude: true
---
# Binary Exploitation
## Downloading the binary file
```
[ 192.168.100.126/24 ] [ /dev/pts/1 ] [~/binexp/1]
→ wget https://github.com/guyinatuxedo/nightmare/raw/master/modules/03-beginner_re/pico18_strings/strings
--2021-02-22 17:12:22-- https://github.com/guyinatuxedo/nightmare/raw/master/modules/03-beginner_re/pico18_strings/strings
Resolving github.com (github.com)... 140.82.121.3
Connecting to github.com (github.com)|140.82.121.3|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://raw.githubusercontent.com/guyinatuxedo/nightmare/master/modules/03-beginner_re/pico18_strings/strings [following]
--2021-02-22 17:12:22-- https://raw.githubusercontent.com/guyinatuxedo/nightmare/master/modules/03-beginner_re/pico18_strings/strings
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 185.199.111.133, 185.199.108.133, 185.199.109.133, ...
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|185.199.111.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 776368 (758K) [application/octet-stream]
Saving to: strings
strings 100%[=======================================================================================================================================================================================================>] 758.17K --.-KB/s in 0.1s
2021-02-22 17:12:23 (5.86 MB/s) - strings saved [776368/776368]

[ 192.168.100.126/24 ] [ /dev/pts/1 ] [~/binexp/1]
→ file strings
strings: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=e337b489c47492dd5dff90353eb227b4e7e69028, not stripped
```
## Solution
The solution is fairly simple. First make the binary file executable, then run it:
```
[ 192.168.100.126/24 ] [ /dev/pts/1 ] [~/binexp/1]
→ chmod +x strings

[ 192.168.100.126/24 ] [ /dev/pts/2 ] [~/binexp/1]
→ ./strings
Have you ever used the 'strings' function? Check out the man pages!
```
The program hints at the `strings` command, so we run it on the binary and pipe the output through grep to see if the flag appears. The flag generally contains {flaghash}, so grepping for `{` is enough to find it:
```
[ 192.168.100.126/24 ] [ /dev/pts/1 ] [~/binexp/1]
→ strings strings | grep {
picoCTF{sTrIngS_sAVeS_Time_3f712a28}
```
And we're done!
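
To show why `strings | grep {` works, here is an added example (not part of the original post or the challenge) that reimplements the core of `strings` and the grep step in Python. The byte blob, the flag value in it, and the function names `extract_strings` and `find_flags` are constructed for illustration; the printable-run rule (ASCII plus tab, minimum length 4) is assumed to mirror the default behaviour of GNU `strings`.

```python
import re

MIN_LEN = 4  # assumed default minimum run length of GNU strings


def extract_strings(data: bytes, min_len: int = MIN_LEN):
    """Yield (offset, text) for every run of printable ASCII >= min_len bytes."""
    # Printable ASCII (0x20-0x7e) plus tab; any other byte ends the run.
    pattern = re.compile(rb"[\x20-\x7e\t]{%d,}" % min_len)
    for m in pattern.finditer(data):
        yield m.start(), m.group().decode("ascii")


def find_flags(data: bytes, flag_re: str = r"[A-Za-z0-9_]+\{[^{}]+\}"):
    """Return (file offset, flag) pairs: the 'grep {' step, narrowed to name{...}."""
    flag = re.compile(flag_re)
    hits = []
    for off, text in extract_strings(data):
        for m in flag.finditer(text):
            hits.append((off + m.start(), m.group()))
    return hits


# Constructed sample: ELF-like header bytes, a too-short run ("abc"),
# the program's hint line, and a constructed flag stored as a plain literal.
SAMPLE = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8
    + b"/lib64/ld-linux-x86-64.so.2\x00"
    + b"\x01\x02abc\x00"
    + b"Have you ever used the 'strings' function?\x00"
    + b"\xff\xfe"
    + b"picoCTF{constructed_example_flag}\x00"
    + b"\x90\x90"
)

if __name__ == "__main__":
    for off, text in extract_strings(SAMPLE):
        print(f"{off:#06x}  {text}")
    print("flags:", find_flags(SAMPLE))
```

Any literal compiled into a binary is stored as plain bytes like this, which is why secrets embedded in shipped executables are recoverable without running or disassembling them.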