By cating and grepping the file, we know that there was a file named /home/memes/flag.c It’s probably a program, so I searched for ./flag Just printing the line doesn’t seem to work so I tried cat memorydump | grep -A 10 -B 10 .
It’s clearly a python compiled program since there is a libpython and also, when using decompiler, there was a function name PyDontWriteByteCode using ‘pyi-archive-viewer’ we can extract the main function. Append headers to the file "\x03\xf3\x0d\x0a\xf1\x32\x75\x5a" using uncompyle, we can get the main function.
The binary loads the flag.txt to the memory and asks us to provide input. Interesting things is that it loads to the same memory segment with the input. Debugging locally, I found it at the offset 752 from the first input bytes.
wget -r fun.ritsec.club:8007 You may find the file Fl4gggg1337.html is referenced or has already been download. The flag wasn’t there, but it has link to Stars.html. Fetch that file, the base64 encoded string is the flag for this challenge.
By judging the program’s interface, we know that it was a heap challenge. Spent quite a lot of time reversing it, I figured it out that it malloc a few bytes for the person struct on the heap, then the name will be malloc with the size entered and that address will be put in the person struct.
babyOVERFLOW Exploit Tên file bài này gợi ý rất nhiều. “baby” thường được dùng trong CTF chỉ những bài đơn giản dành cho người mới “OVERFLOW” ở đây thì chỉ đến stack buffer overflow. Chạy nó, nhập vào thì nó in ra lại đúng như thế.