aaron/htb-santa-ctf
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

add solved / day 1 / reversing

Browse Source
This commit is contained in:
aaron
2021-12-01 23:53:56 +01:00
parent 1d5f0f4169
commit 7b79e5178a
12 changed files with 2595 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

71
1/reversing/flag Normal file
View File

@@ -0,0 +1,71 @@
strace ./client 209.97.142.217 32526
execve("./client", ["./client", "209.97.142.217", "32526"], 0x7ffc4e4c8a00 /*
56 vars */) = 0
brk(NULL) = 0x55ce61a03000
arch_prctl(0x3001 /* ARCH_??? */, 0x7ffce65714a0) = -1 EINVAL (Invalid
argument)
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=164116, ...}, AT_EMPTY_PATH) =
0
mmap(NULL, 164116, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fbbc02d0000
close(3) = 0
openat(AT_FDCWD, "/usr/lib/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`|\2\0\0\0\0\0"..., 832)
= 832
pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"...,
784, 64) = 784
pread64(3, "\4\0\0\0@\0\0\0\5\0\0\0GNU\0\2\0\0\300\4\0\0\0\3\0\0\0\0\0\0\0"...,
80, 848) = 80
pread64(3, "\4\0\0\0\24\0\0\0\3\0\0\0GNU\0K@g7\5w\10\300\344\306B4Zp<G"..., 68,
928) = 68
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=2150424, ...}, AT_EMPTY_PATH)
= 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7fbbc02ce000
pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"...,
784, 64) = 784
mmap(NULL, 1880536, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0x7fbbc0102000
mmap(0x7fbbc0128000, 1355776, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x26000) = 0x7fbbc0128000
mmap(0x7fbbc0273000, 311296, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3,
0x171000) = 0x7fbbc0273000
mmap(0x7fbbc02bf000, 24576, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1bc000) = 0x7fbbc02bf000
mmap(0x7fbbc02c5000, 33240, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fbbc02c5000
close(3) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7fbbc0100000
arch_prctl(ARCH_SET_FS, 0x7fbbc02cf580) = 0
mprotect(0x7fbbc02bf000, 12288, PROT_READ) = 0
mprotect(0x55ce611b1000, 4096, PROT_READ) = 0
mprotect(0x7fbbc0327000, 8192, PROT_READ) = 0
munmap(0x7fbbc02d0000, 164116) = 0
socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3
connect(3, {sa_family=AF_INET, sin_port=htons(32526),
sin_addr=inet_addr("209.97.142.217")}, 16) = 0
recvfrom(3,
"\377\320\5\355\203\314\322\252\322\314\203\35I\274\27)\340\347]\17\234\31\377\316\20V*y*\24[]",
32, 0, NULL, NULL) = 32
sendto(3,
"][\24*y*V\20\316\377\31\234\17]\347\340)\27\274I\35\203\314\322\252\322\314\203\355\5\320\377",
32, 0, NULL, 0) = 32
recvfrom(3,
"\330|a?\7\212j\321\256C\37\33:\31\215x\325\327p\3528\202N\361V:\207\r\275\255+=",
32, 0, NULL, NULL) = 32
sendto(3,
"\205'u\25~\240<\301`\274\6\2075Dj\230\374\300\314\243%\1\202#\374\350K\216P\250\373\302",
32, 0, NULL, 0) = 32
recvfrom(3, "\0", 1, 0, NULL, NULL) = 1
recvfrom(3, "HTB{n0t_qu1t3_s0_0p4qu3}", 1024, 0, NULL, NULL) = 24
newfstatat(1, "", {st_mode=S_IFCHR|0620, st_rdev=makedev(0x88, 0), ...},
AT_EMPTY_PATH) = 0
brk(NULL) = 0x55ce61a03000
brk(0x55ce61a24000) = 0x55ce61a24000
write(1, "[!] Untrusted Client Location - "..., 53[!] Untrusted Client Location
- Enabling Opaque Mode
) = 53
exit_group(0) = ?
+++ exited with 0 +++

0
1/reversing/ghidra/htb-day1-reversing.gpr Normal file
View File

11
1/reversing/ghidra/htb-day1-reversing.rep/idata/00/00000000.prp Normal file
View File

@@ -0,0 +1,11 @@
<?xml version="1.0" encoding="UTF-8"?>
<FILE_INFO>
<BASIC_INFO>
<STATE NAME="CONTENT_TYPE" TYPE="string" VALUE="Program" />
<STATE NAME="PARENT" TYPE="string" VALUE="/" />
<STATE NAME="FILE_ID" TYPE="string" VALUE="a01e7ae811396306324344" />
<STATE NAME="FILE_TYPE" TYPE="int" VALUE="0" />
<STATE NAME="READ_ONLY" TYPE="boolean" VALUE="false" />
<STATE NAME="NAME" TYPE="string" VALUE="client" />
</BASIC_INFO>
</FILE_INFO>

BIN
1/reversing/ghidra/htb-day1-reversing.rep/idata/00/~00000000.db/db.3.gbf Normal file
View File

Binary file not shown.

4
1/reversing/ghidra/htb-day1-reversing.rep/idata/~index.bak Normal file
View File

@@ -0,0 +1,4 @@
VERSION=1
/
NEXT-ID:0
MD5:d41d8cd98f00b204e9800998ecf8427e

5
1/reversing/ghidra/htb-day1-reversing.rep/idata/~index.dat Normal file
View File

@@ -0,0 +1,5 @@
VERSION=1
/
00000000:client:a01e7ae811396306324344
NEXT-ID:1
MD5:d41d8cd98f00b204e9800998ecf8427e

2
1/reversing/ghidra/htb-day1-reversing.rep/idata/~journal.bak Normal file
View File

@@ -0,0 +1,2 @@
IADD:00000000:/client
IDSET:/client:a01e7ae811396306324344

6
1/reversing/ghidra/htb-day1-reversing.rep/project.prp Normal file
View File

@@ -0,0 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<FILE_INFO>
<BASIC_INFO>
<STATE NAME="OWNER" TYPE="string" VALUE="aaron" />
</BASIC_INFO>
</FILE_INFO>

2484
1/reversing/ghidra/htb-day1-reversing.rep/projectState Normal file
View File

File diff suppressed because it is too large Load Diff

4
1/reversing/ghidra/htb-day1-reversing.rep/user/~index.dat Normal file
View File

@@ -0,0 +1,4 @@
VERSION=1
/
NEXT-ID:0
MD5:d41d8cd98f00b204e9800998ecf8427e

4
1/reversing/ghidra/htb-day1-reversing.rep/versioned/~index.bak Normal file
View File

@@ -0,0 +1,4 @@
VERSION=1
/
NEXT-ID:0
MD5:d41d8cd98f00b204e9800998ecf8427e

4
1/reversing/ghidra/htb-day1-reversing.rep/versioned/~index.dat Normal file
View File

@@ -0,0 +1,4 @@
VERSION=1
/
NEXT-ID:0
MD5:d41d8cd98f00b204e9800998ecf8427e