SHELL CTF How to Defeat a Dragon
Prompt
Dragonairre, the dragon with the hexadecimal head has attacked the village to take revenge on his last defeat, we need to get the ultimate weapon.
Analysis
$ ./vault
Help us defeat the dragon!! Enter the code:22
wron..aaaaaahhhhhhhh
The decompiled code reveals that the hexadecimal number 0x10f2c, or the decimal number 69420 (nice), is the code the program requires. My attempt at rewriting the main function based on the above-mentioned decompilation is shown below:
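    #include <stdio.h>

    /* Placeholder: in the real binary, flag holds the string printed on success. */
    static const char *flag = "<flag string embedded in the binary>";

    int main() {
        printf("Help us defeat the dragon!! Enter the code:");
        int code;
        scanf("%d", &code);
        if (code == 0x10f2c) {          /* 69420: the expected code */
            printf("Yeahh!!,we did it,We defeated the dragon.Thanks for your help here's your reward : %s", flag);
        } else if (code == 0x45) {      /* 69 */
            printf("Nice,but this is not the code :(.");
        } else if (code != 0x1a4) {     /* anything other than 420 */
            printf("wron..aaaaaahhhhhhhh");
        } else {                        /* exactly 420 */
            printf("Bruh!! Seriously?");
        }
        return 0;
    }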
Solution
After supplying the expected code in decimal form, the program prints a flag-like output:
$ ./vault
Help us defeat the dragon!! Enter the code:69420
Yeahh!!,we did it,We defeated the dragon.Thanks for your help here's your reward : SHELLCTF{5348454c4c4354467b31355f523376337235316e675f333473793f7d}
However, the real flag is hex-encoded within the fake one; it is decoded with pwn unhex below:
$ echo "5348454c4c4354467b31355f523376337235316e675f333473793f7d" | pwn unhex
SHELLCTF{15_R3v3r51ng_34sy?}
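The same decoding step without pwntools, as an added example that is not part of the original write-up: it peels hex layers from a wrapped flag until the body is no longer hex for printable ASCII, which goes slightly beyond the single layer seen in this challenge. The names unhex_printable and unwrap_flag are hypothetical.

```python
import binascii
import re

# Wrapper format seen in this challenge: PREFIX{body}
FLAG_RE = re.compile(r"^([A-Za-z0-9_]+)\{(.*)\}$", re.S)
# Hex text must be a whole number of byte pairs.
HEX_RE = re.compile(r"^(?:[0-9a-fA-F]{2})+$")


def unhex_printable(text):
    """Return the hex-decoded text, or None if it is not hex for printable ASCII."""
    if not HEX_RE.match(text):
        return None
    raw = binascii.unhexlify(text)
    # A body such as "deadbeef" is valid hex but is not an encoded string.
    if not all(0x20 <= b < 0x7F for b in raw):
        return None
    return raw.decode("ascii")


def unwrap_flag(candidate, max_layers=8):
    """Peel hex layers until the flag body is no longer hex-encoded.

    Returns every layer, outermost first, so the decoding chain is visible.
    """
    layers = [candidate]
    for _ in range(max_layers):
        match = FLAG_RE.match(layers[-1])
        # Decode the body inside the braces, or the whole string if unwrapped.
        body = match.group(2) if match else layers[-1]
        decoded = unhex_printable(body)
        if decoded is None:
            break
        layers.append(decoded)
    return layers


if __name__ == "__main__":
    # Output of ./vault as shown in the Solution section above.
    printed = "SHELLCTF{5348454c4c4354467b31355f523376337235316e675f333473793f7d}"
    for depth, layer in enumerate(unwrap_flag(printed)):
        print(depth, layer)
```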