[Hack The Boo] Day 2 Challenges
great!
Reply
How did you make strace work in Reversing? It probably needs to be decoded, but no idea how
Reply
(October 23, 2022, 05:50 PM)HTBContestant Wrote:
(October 23, 2022, 04:33 PM)Meep Wrote:
(October 23, 2022, 04:13 PM)tryingNew1 Wrote:

(October 23, 2022, 03:37 PM)Meep Wrote: A hint for Pwn: p.send(b'\xc9\x07\xcc\x00\x00\x00\x00\x00' + b'\n')


pls be more specific


Use pwntools for python3, walk the program. My instructions to get the flag are T -> S -> \xc9\x07\xcc\x00\x00\x00\x00\x00 -> R -> L -> C. Don't forget newlines. Or use something to write the bytes as characters over nc.


Very cool. I'm curious, though, how you found that input value. When I tried it via netcat manually, I always ended up with values far away from 13371337. Is there a method/tool that can generate the correct sequence based on the desired values or did you brute force it until the value was correct?


No need to brute-force. Due to reversing it was clear it had to be 13371337. Looking at the structure that it's retrieving from, it's a union. Meaning we can overwrite the bits of the integer by putting the right characters into the union string array. For tasks like this I always use pwntools which works great for conversions and direct interaction with the program. So all I really had to do was take the 13371337 and reverse it to bytes (a char in C is equal to a byte). Now you have basically the correct value in both representations. pwntools made it easy to write to the program as stdin can be annoying. And always make sure you have the correct endianness.
Reply
(October 23, 2022, 03:21 PM)Hacker2222 Wrote: web challenge:
ssti in mako templates


yass thank you i had been stuck on forensics <3
Reply
(October 23, 2022, 03:21 PM)Hacker2222 Wrote: web challenge:
ssti in mako templates


Thanks
Reply
(October 23, 2022, 05:59 PM)bozonas Wrote: How did you make strace work in Reversing? It probably needs to be decoded, but no idea how


Yeah I was wondering the same thing, doesn't help much
Reply
thanks
Reply
thanks my dude
Reply
I've finished the Web, Pwn, and Forensics for Day 2. Working on the Reverse now. ;)
Reply
(October 23, 2022, 04:33 PM)Meep Wrote:
(October 23, 2022, 04:13 PM)tryingNew1 Wrote:

(October 23, 2022, 03:37 PM)Meep Wrote: A hint for Pwn: p.send(b'\xc9\x07\xcc\x00\x00\x00\x00\x00' + b'\n')


pls be more specific


Use pwntools for python3, walk the program. My instructions to get the flag are T -> S -> \xc9\x07\xcc\x00\x00\x00\x00\x00 -> R -> L -> C. Don't forget newlines. Or use something to write the bytes as characters over nc.

seems it's not working for me, tried with variations but fails..

Something strange is coming out of the TV..

(T)ry to turn it off
(R)un
(C)ry

>> T

This does not seem to work.. (L)ie down or (S)cream

>> S

Maybe try a ritual?

>> \xc9\x07\xcc\x00\x00\x00\x00   

(T)ry to turn it off
(R)un
(C)ry

>> R

This does not seem to work.. (L)ie down or (S)cream

>> L

Anything else to try?

>> 3976810808463292508

(T)ry to turn it off
(R)un
(C)ry

>> C

Sorry, this will not work!

(T)ry to turn it off
(R)un
(C)ry

>> T

This does not seem to work.. (L)ie down or (S)cream

>> S

Maybe try a ritual?

>> \xc9\x07\xcc\x00\x00\x00\x00\x00

Ncat: Broken pipe.


(October 23, 2022, 06:44 PM)karhu Wrote: I've finished the Web, Pwn, and Forensics for Day 2. Working on the Reverse now. ;)


any specific way on pwn ......

the source has a section to cat flag but how to do it?
Reply
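Added example, not part of any post in this thread: a small Python model of the union aliasing and endianness point from Meep's explanation. It also shows why the pasted netcat session ends up with 3976810808463292508: typing the escape text literally sends the ASCII characters, not the bytes they denote. The 8-byte width, the zero-padding/truncation behaviour and all function names are assumptions; the thread only says the structure is a union of a string array and an integer.

```python
TARGET = 13371337  # value the thread says the check expects
WIDTH = 8          # assumption: 64-bit integer member, inferred from the 8-byte hint


def bytes_for(value: int, byteorder: str = "little") -> bytes:
    """Bytes to place in the union's char array so the integer member equals value."""
    return value.to_bytes(WIDTH, byteorder)


def union_number(raw: bytes, byteorder: str = "little") -> int:
    """Integer member of a C union {char text[8]; 64-bit number;} after raw is
    written into the char array. Assumed: short input is zero-padded and long
    input is cut to the member width."""
    buf = raw[:WIDTH].ljust(WIDTH, b"\x00")
    return int.from_bytes(buf, byteorder)


def typed_at_terminal(text: str) -> bytes:
    """What a terminal or nc sends when escape text is typed by hand: the
    characters backslash, 'x', 'c', '9', ... as ASCII, not the raw bytes."""
    return text.encode("ascii")


if __name__ == "__main__":
    hint = r"\xc9\x07\xcc\x00\x00\x00\x00\x00"  # escape text from the thread

    payload = bytes_for(TARGET)
    print("raw bytes (x86-64 is little-endian):", payload)
    print("integer the union reports          :", union_number(payload))

    literal = typed_at_terminal(hint)
    print("first 8 bytes when typed literally :", literal[:WIDTH])
    print("integer the union reports          :", union_number(literal))

    swapped = bytes_for(TARGET, "big")
    print("big-endian bytes read little-endian:", union_number(swapped))
```
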

