Skip to main content
  1. Posts/
  2. SHELL CTF/

SHELL CTF How to Defeat a Dragon

··204 words·1 min·
Table of Contents

Prompt #

Dragonairre, the dragon with the hexadecimal head has attacked the village to take revenge on his last defeat, we need to get the ultimate weapon.

Analysis #

$ ./vault
Help us defeat the dragon!! Enter the code:22
wron..aaaaaahhhhhhhh

The decompiled code reveals that the hexadecimal number 0x10f2c, or the decimal number 69420 (nice) is the code the program requires. My attempt at rewriting the main function based on the above-mentioned decompilation is shown below:

int main() {
	printf("Help us defeat the dragon!! Enter the code:");
	int code;
	scanf("%d", &code);
	if (code == 0x10f2c) {
		printf("Yeahh!!,we did it,We defeated the dragon.Thanks for your help here's your reward : %s", flag);
	} else if (code == 0x45) {
		printf("Nice,but this is not the code :(.");
	} else if (code != 0x1a4) {
		printf("wron..aaaaaahhhhhhhh");
	} else {
		printf("Bruh!! Seriously?");
	}
	return 0;
}

Solution #

After the supplying the expected code in decimal form, a flag-like output is introduced:

$ ./vault
Help us defeat the dragon!! Enter the code:69420
Yeahh!!,we did it,We defeated the dragon.Thanks for your help here's your reward : SHELLCTF{5348454c4c4354467b31355f523376337235316e675f333473793f7d}

However, the real flag is hexadecimally-encoded within the fake one, which is decoded with pwn unhex below:

$ echo "5348454c4c4354467b31355f523376337235316e675f333473793f7d" | pwn unhex
SHELLCTF{15_R3v3r51ng_34sy?}
Omri Bornstein
Author
Omri Bornstein
Software Engineer, Gopher, TeXnician