
Showing posts from October, 2017

[GhostRed CTF - Owasp Israel 2017] Old School Cool - Writeup by blvckp


First we need to check whether the executable was packed with a packer of some sort.
I’ll use “DetectItEasy” for this check:

Nice, the executable isn’t packed!

It’s now time for RE, so let’s use IDA Pro. (I use the newest version - 7.0)
When I try to RE something I always open the “Strings window” first, to find helpful messages that may have xrefs to important functions.


Okay, there is a message about the flag!
Let’s see the instruction listing of the first xref for this message.

I won’t show the whole structure of the program in one screenshot, only the important part of the code. We can see that the return value of the last function in the following screenshot is being checked.



Green arrow - prints an error message.
Red arrow - runs one more procedure and then prints the flag.