Passwords
Last updated
Last updated
Charlie the C programmer forgot his password that will make the program print his flag! He also accidentally deleted his original source file, and may have made a mistake writing it in the first place...
Bonus chall: figure out what the mistake Charlie made was :)
We're giving nothing more than an executable. Let's get some information about it
So it's an executable. As expected. Let's try running it
It wants a password, as stated in the description, but we do not know it
Here, let's try running it through a debugger such as GDB with gdb ./a.out
We can see all of the functions. Let's put a breakpoint on main with b main. Then we can run the program with command run until it hits the breakpoint
The flag has to be stored somewhere, so let's try dumping out the assembler code with disas/s and get some juicy information.
What's really interesting is the call the strcmp followed by tons of putchar calls
It's likely the code here is calling strcmp to compare the user input to the password, and if the password is correct it puts, or prints out, the flag. These hex values that are being moved with mov look like ASCII characters.
This is the fun part.
We painstakingly copy each of these hex values and convert them to text.
For the curious, this is the whole concatenated hex string:
That being said, I'm not sure what the mistake Charlie made was...
uwctf{xkcdgoodpasswd_4676d47590b4876e}
