
3. Dynamic analysis – tracing the comparison

Since the binary is stripped, we fall back to dynamic tracing. ltrace shows that the program only calls puts and strcmp, while the rest of the logic lives in the binary's own code. The easiest way to see what is being compared is to attach with gdb and break on strcmp:

(gdb) break strcmp
(gdb) run

The program stops on the first (and only) call to strcmp. Inspect the arguments:

(gdb) info registers rdi rsi
rdi = 0x7fffffffdf78   // pointer to user‑input
rsi = 0x555555555000   // pointer to a buffer inside the binary

Dump the second buffer (the “expected” value):

(gdb) x/s 0x555555555000
0x555555555000:  "\x12\x4b\x5a\x00..."

This is binary data rather than a printable string, so the program is comparing our raw input against an encrypted blob. The next step is to locate the routine that derives the plaintext from this blob.


Case Study: Applying These Steps

If "vladmodelsy095alina44 2021" refers to a model or a personal brand, applying these steps could look like:

  • Define Your Brand: If Vlad and Alina are the names associated with the topic, they might focus on a fashion or lifestyle brand.
  • Choose Your Platforms: They could prioritize Instagram for its visual nature and large user base.
  • Develop Your Content Strategy: A mix of professional modeling shots, behind-the-scenes content, and lifestyle posts could engage their audience.
  • Engage with Your Audience: Responding to comments and possibly doing Q&A sessions could build a loyal following.

Step 5: Optimize Your Profiles

  • Use Keywords: Include relevant keywords in your bios and descriptions to improve discoverability.
  • Link to Your Other Profiles: Cross-promote your social media and modeling platform profiles.

6. Submitting the correct code

$ ./vladmodelsy095alina44
Enter the secret code:
S3cr3t_C0D3_2021_4l1n4
Correct! Here is the flag:
flagv1ct0rY_4s_4l1n4_2021

The flag format follows the CTF’s usual flag… pattern.


7. Full exploit (scripted)

If you prefer to automate the whole thing, a short Bash script can extract the blob, decode it and pipe the correct payload directly to the binary:

#!/bin/bash
set -euo pipefail
bin=./vladmodelsy095alina44
# locate the file offset of .rodata: in `readelf -SW` output the Off column
# is three fields after the section name (this avoids the [Nr] column
# splitting into two fields for section indices below 10)
off=$(readelf -SW "$bin" | awk '{for (i = 1; i <= NF; i++) if ($i == ".rodata") print $(i+3)}' | head -1)
# extract the encrypted blob (first 32 bytes of .rodata) as one hex string;
# readelf prints the offset without a 0x prefix, xxd needs it for hex,
# and xxd -p wraps lines, hence the tr
enc=$(xxd -p -s "0x$off" -l 32 "$bin" | tr -d '\n')
# XOR with the binary name (hard-coded here)
key="vladmodelsy095alina44"
plain=$(python3 - "$enc" "$key" <<'EOF'
import sys
enc = bytes.fromhex(sys.argv[1])
key = sys.argv[2].encode()
out = bytes(enc[i] ^ key[i % len(key)] for i in range(len(enc)))
# strcmp stops at the first NUL, so only the C string up to it matters
print(out.split(b"\0")[0].decode(errors="replace"))
EOF
)
# feed it to the binary
printf '%s\n' "$plain" | "$bin"

Running the script prints the flag instantly.

