My First CTF

Pwnable’s CTF

So, after doing some contract web work I decided that I wasn’t sick enough of looking at a screen this night and signed up for pwnable.tw’s CTF. Not the first From the get-go, it’s clear I have no idea what I’m doing.


The ELF Binary

The “getting started” challenge has me downloading an ELF binary.

Well really, it’s got me running nc against a pwnable web address/port, but there’s a download link to an ELF binary in the challenge that seems to run the same code.

I know it’s an ELF binary because when I cat the binary, it starts with ELF. And, I know what an ELF binary is from my time working with Metasploit (no posts on that yet, but check back soon).
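As an added example (not part of the original post and not the challenge's code), here is the same "starts with ELF" check done properly: a small Python parser that reads the ELF identification bytes and the first header fields, roughly what `file` reports. The sample header and its entry address are constructed for illustration, and the lookup tables cover only a few common values.

```python
import struct
import sys

ELF_MAGIC = b"\x7fELF"  # 0x7f is unprintable, so cat shows just "ELF"
CLASSES = {1: "32-bit", 2: "64-bit"}                      # EI_CLASS
ENDIAN = {1: ("LSB", "<"), 2: ("MSB", ">")}               # EI_DATA
TYPES = {1: "relocatable", 2: "executable", 3: "shared object", 4: "core"}
MACHINES = {3: "Intel 80386", 40: "ARM", 62: "x86-64", 183: "AArch64"}


def parse_elf_header(data: bytes) -> dict:
    """Decode the start of an ELF header; raise ValueError if malformed."""
    if len(data) < 16 or data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file (too short or bad magic)")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in CLASSES or ei_data not in ENDIAN:
        raise ValueError("invalid EI_CLASS or EI_DATA byte")
    endian_name, prefix = ENDIAN[ei_data]
    # After the 16-byte e_ident: e_type, e_machine, e_version, e_entry.
    # e_entry is 4 bytes in ELF32 and 8 bytes in ELF64.
    fmt = prefix + ("HHII" if ei_class == 1 else "HHIQ")
    if len(data) < 16 + struct.calcsize(fmt):
        raise ValueError("truncated ELF header")
    e_type, e_machine, _version, e_entry = struct.unpack_from(fmt, data, 16)
    return {
        "class": CLASSES[ei_class],
        "endian": endian_name,
        "type": TYPES.get(e_type, f"unknown ({e_type})"),
        "machine": MACHINES.get(e_machine, f"unknown ({e_machine})"),
        "entry": e_entry,
    }


# Constructed sample: header of a 32-bit little-endian i386 executable.
# The entry address is made up; this is not the challenge binary.
SAMPLE = (ELF_MAGIC + bytes([1, 1, 1, 0]) + bytes(8)
          + struct.pack("<HHII", 2, 3, 1, 0x08048060))

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read(64)
    else:
        blob = SAMPLE
    info = parse_elf_header(blob)
    print(f"ELF {info['class']} {info['endian']} {info['type']}, "
          f"{info['machine']}, entry point {info['entry']:#x}")
```

Run it with a file path as the first argument to inspect a downloaded binary without executing it; with no argument it decodes the constructed sample.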

Okay Google, tell me how to decompile an ELF binary.

This leads me to a very interesting but unfortunately way out-of-my-league post at manoharvanga.com. This post begins introducing me to Linux debugging tools:

gdb, ptrace, strace, ltrace, file, strings, objdump

I’m getting really interesting output from all of these commands against my ELF binary, but I don’t know what half of them mean. Looking at the output from objdump is when I finally decide to throw up my hands, because I’m suddenly looking at some assembly code, and tonight is not the night I start re-learning how to interpret assembly.

Turns out this shit is hard, and despite the fact I’ve been running Linux for several years now, and even written a bunch of code that “runs on Linux”™, I have no fucking clue how to pass the very first challenge on a CTF.

Alright, time to cheat. I google a string I found in the CTF challenge and stumble across what looks like a walkthrough that references a tool called Binary Ninja. Binary Ninja is a pay-for-play tool, but they have a demo version available.

I open the binary in the demo version and…

Fuck, more assembly.


Clearly, I need to come back to this when I’ve studied more of wtf I’m doing.

Trump

Think it’s time to start scanning Donald Trump’s website surface area…