Vault
[reverse]
no description
- Download: tamu2020-vault
Recon
We run this program from gdb, set a breakpoint on strcmp and then read the flag from memory.
$ gdb ./vault
...
gdb-peda$ r
Starting program: ./vault
Enter password: test
Sorry, that isn't the right password.
[Inferior 1 (process 14622) exited normally]
Warning: not running
gdb-peda$ disas main
...
0x0000555555555364 <+155>: mov rax,QWORD PTR [rbp-0x8]
0x0000555555555368 <+159>: mov rsi,rdx
0x000055555555536b <+162>: mov rdi,rax
0x000055555555536e <+165>: call 0x555555555070 <strcmp@plt>
0x0000555555555373 <+170>: test eax,eax
0x0000555555555375 <+172>: jne 0x555555555385 <main+188>
0x0000555555555377 <+174>: lea rdi,[rip+0xca2] # 0x555555556020
0x000055555555537e <+181>: call 0x555555555030 <puts@plt>
0x0000555555555383 <+186>: jmp 0x555555555391 <main+200>
...
gdb-peda$ b *0x555555555070
Breakpoint 1 at 0x555555555070
gdb-peda$ r
Starting program: ./vault
Enter password: test
...
Breakpoint 1, 0x0000555555555070 in strcmp@plt ()
gdb-peda$ x/s $rax
0x555555559260: "gigem{p455w0rd_1n_m3m0ry1}"
Flag
gigem{p455w0rd_1n_m3m0ry1}
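Why the breakpoint is enough, as an added C model that is not the challenge binary's code: a program that keeps its password obfuscated at rest still has to hand strcmp a pointer to the decoded string, so anything observing that call sees the plaintext. The XOR key, the secret `s3cr3t` and the names `vault_check` and `spy_cmp` are constructed for illustration; how vault itself stores its password is not shown on this page.

```c
/* Constructed model of a local password check; not the vault binary's code. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define KEY 0x5a  /* hypothetical XOR key used for at-rest obfuscation */

typedef int (*cmp_fn)(const char *, const char *);

/* What an observer at the call boundary saw (stand-in for the breakpoint). */
static char seen_a[64], seen_b[64];

/* Comparator that records both arguments, then behaves like strcmp. */
int spy_cmp(const char *a, const char *b) {
    snprintf(seen_a, sizeof seen_a, "%s", a);
    snprintf(seen_b, sizeof seen_b, "%s", b);
    return strcmp(a, b);
}

/* Constructed secret "s3cr3t", XOR-encoded so it is not a literal string. */
static const unsigned char ENC[] = {0x29, 0x69, 0x39, 0x28, 0x69, 0x2e};

/* Decode the secret onto the heap, compare it with the input, then wipe it. */
int vault_check(const char *input, cmp_fn cmp) {
    size_t n = sizeof ENC;
    char *secret = malloc(n + 1);
    if (!secret) return 0;
    for (size_t i = 0; i < n; i++) secret[i] = (char)(ENC[i] ^ KEY);
    secret[n] = '\0';
    /* Same argument order as the disassembly: secret first, input second. */
    int ok = cmp(secret, input) == 0;
    memset(secret, 0, n + 1);  /* too late: the call already exposed it */
    free(secret);
    return ok;
}

int main(void) {
    int ok = vault_check("test", spy_cmp);
    printf("accepted=%d, observer saw \"%s\" vs \"%s\"\n", ok, seen_a, seen_b);
    return 0;
}
```

The wrong guess is rejected, yet the observer ends up holding the decoded secret. The durable fix is to keep the secret out of the binary: verify on a server, or ship only a salted, slow hash and compare digests.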