![[pwnable.kr][Toddler] flag 문제풀이](https://img1.daumcdn.net/thumb/R750x0/?scode=mtistory2&fname=https%3A%2F%2Ft1.daumcdn.net%2Fcfile%2Ftistory%2F9928E6495B713A782B)
Flag
해당 바이너리를 다운받아 실행해보면
root@kali:~/BoB7/pwnable/flag# ./flag I will malloc() and strcpy the flag there. take it.
위와 같이 뜬다.
root@kali:~/BoB7/pwnable/flag# checksec flag
[*] '/root/BoB7/pwnable/flag/flag'
Arch: amd64-64-little
RELRO: No RELRO
Stack: No canary found
NX: NX disabled
PIE: No PIE (0x400000)
RWX: Has RWX segments
Packer: Packed with UPX
checksec로 확인해보면 UPX로 실행압축 되었음을 알 수 있다.
root@kali:~/BoB7/pwnable/flag# upx -d flag -o flag_un
Ultimate Packer for eXecutables
Copyright (C) 1996 - 2017
UPX 3.94 Markus Oberhumer, Laszlo Molnar & John Reiser May 12th 2017
File size Ratio Format Name
-------------------- ------ ----------- -----------
883745 <- 335288 37.94% linux/amd64 flag_un
Unpacked 1 file.
압축을 해제하고 gdb로 살펴보았다.
gdb-peda$ disas main Dump of assembler code for function main: 0x0000000000401164 <+0>: push rbp 0x0000000000401165 <+1>: mov rbp,rsp 0x0000000000401168 <+4>: sub rsp,0x10 0x000000000040116c <+8>: mov edi,0x496658 0x0000000000401171 <+13>: call 0x402080 <puts> 0x0000000000401176 <+18>: mov edi,0x64 0x000000000040117b <+23>: call 0x4099d0 <malloc> 0x0000000000401180 <+28>: mov QWORD PTR [rbp-0x8],rax 0x0000000000401184 <+32>: mov rdx,QWORD PTR [rip+0x2c0ee5] # 0x6c2070 <flag> 0x000000000040118b <+39>: mov rax,QWORD PTR [rbp-0x8] 0x000000000040118f <+43>: mov rsi,rdx 0x0000000000401192 <+46>: mov rdi,rax 0x0000000000401195 <+49>: call 0x400320 0x000000000040119a <+54>: mov eax,0x0 0x000000000040119f <+59>: leave 0x00000000004011a0 <+60>: ret End of assembler dump.
main 함수 부분을 보니 당당하게 flag라고 주석이 되어 있다.
flag : UPX...? sounds like a delivery service :)
잘못 된 개념을 서술하였거나, 잘못 풀이된 내용이 있으면 댓글 달아주시면 감사합니다 :) 태클 댓글이나 메일(513.eunice@gmail.com) 환영입니다 !! 😊☺️👍 |