Description
Can you look at the data in this binary: static? This BASH script might help!
二つのファイルが渡される。(.bash,bainary)
とりあえず二つとも実行してみる
ltdis.sh
#!/bin/bash
echo "Attempting disassembly of $1 ..."
#This usage of "objdump" disassembles all (-D) of the first file given by
#invoker, but only prints out the ".text" section (-j .text) (only section
#that matters in almost any compiled program...
objdump -Dj .text $1 > $1.ltdis.x86_64.txt
#Check that $1.ltdis.x86_64.txt is non-empty
#Continue if it is, otherwise print error and eject
if [ -s "$1.ltdis.x86_64.txt" ]
then
echo "Disassembly successful! Available at: $1.ltdis.x86_64.txt"
echo "Ripping strings from binary with file offsets..."
strings -a -t x $1 > $1.ltdis.strings.txt
echo "Any strings found in $1 have been written to $1.ltdis.strings.txt with file offset"
else
echo "Disassembly failed!"
echo "Usage: ltdis.sh <program-file>"
echo "Bye!"
fi
>bash ltdis.sh
Attempting disassembly of ...
Disassembly successful! Available at: .ltdis.x86_64.txt
Ripping strings from binary with file offsets...
staticをとりあえずa.outとコピーし実行すると
$ ./a.out
Oh hai! Wait what? A flag? Yes, it's around here somewhere!
実行結果からみてbashファイルにstaticを読み込ませれば良さそう。
$ bash ltdis.sh static
Attempting disassembly of static ...
Disassembly successful! Available at: static.ltdis.x86_64.txt
Ripping strings from binary with file offsets...
Any strings found in static have been written to static.ltdis.strings.txt with file offset
出力されたstatic.ltdis.x86_64.txtを見てみるとフラグが書かれている。
picoCTF{d15a5m_t34s3r_1e6a7731}