{"id":254,"date":"2023-06-19T06:06:06","date_gmt":"2023-06-18T21:06:06","guid":{"rendered":"https:\/\/h4ck.kr\/?p=254"},"modified":"2024-05-22T17:08:28","modified_gmt":"2024-05-22T08:08:28","slug":"flag","status":"publish","type":"post","link":"https:\/\/h4ck.kr\/?p=254","title":{"rendered":"flag"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-8f761849 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:100%\">\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"asm\" data-enlighter-theme=\"dracula\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">ubuntu@WSL2:~\/CTF\/pwnable.kr\/flag$ wget http:\/\/pwnable.kr\/bin\/flag\n--2023-06-19 05:18:03--  http:\/\/pwnable.kr\/bin\/flag\nResolving pwnable.kr (pwnable.kr)... 128.61.240.205\nConnecting to pwnable.kr (pwnable.kr)|128.61.240.205|:80... connected.\nHTTP request sent, awaiting response... 
200 OK\nLength: 335288 (327K)\nSaving to: \u2018flag\u2019\n\nflag                          100%[=================================================>] 327.43K   432KB\/s    in 0.8s\n\n2023-06-19 05:18:05 (432 KB\/s) - \u2018flag\u2019 saved [335288\/335288]\n\nubuntu@WSL2:~\/CTF\/pwnable.kr\/flag$ file flag\nflag: ELF 64-bit LSB executable, x86-64, version 1 (GNU\/Linux), statically linked, no section header<\/pre>\n<\/div>\n<\/div>\n\n\n\n<p class=\"wp-block-paragraph\">x86-64 \uc544\ud0a4\ud14d\ucc98\ub85c \ucef4\ud30c\uc77c\ub41c \ub9ac\ub205\uc2a4\uc5d0\uc11c \ub3cc\uc544\uac00\ub294 \ubc14\uc774\ub108\ub9ac\ub2e4.<\/p>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-8f761849 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:100%\">\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\">\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"asm\" data-enlighter-theme=\"dracula\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">ubuntu@WSL2:~\/CTF\/pwnable.kr\/flag$ .\/flag\nI will malloc() and strcpy the flag there. take it.<\/pre>\n<\/div><\/div>\n<\/div>\n<\/div>\n\n\n\n<p class=\"wp-block-paragraph\">\uc2e4\ud589\ud558\uba74 \ub9e4\uac1c\ubcc0\uc218 \ubc1b\ub294\uac70 \uc0c1\uad00\uc5c6\uc774 &#8220;I will malloc() and strcpy the flag there. 
take it.&#8221;\ub97c \ucd9c\ub825\ud558\uace0 \uc885\ub8cc\ud55c\ub2e4.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">\ud480\uc774<\/h2>\n\n\n\n<h4 class=\"wp-block-heading\">strings [\uc635\uc158] [\ud30c\uc77c]<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">\uc704 \uba85\ub839\uc5b4\ub85c \ud30c\uc77c\uc758 \uc778\uc1c4 \uac00\ub2a5\ud55c \ubb38\uc790\uc5f4\uc744 \ucd94\ucd9c\ud560 \uc218 \uc788\ub2e4.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\uc635\uc158\uc740 \ub2e4\uc74c\uacfc \uac19\ub2e4.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>-a, --all \ub370\uc774\ud130 \uc139\uc158\ubfd0\ub9cc \uc544\ub2c8\ub77c \ud30c\uc77c \uc804\uccb4\ub97c \uc2a4\uce94\ud569\ub2c8\ub2e4 [\uae30\ubcf8\uac12]<\/li>\n\n\n\n<li>-d, --data \ud30c\uc77c\uc5d0\uc11c \ub370\uc774\ud130 \uc139\uc158\ub9cc \uc2a4\uce94\ud55c\ub2e4.<\/li>\n\n\n\n<li>-f, --print-file-name \uac01 \ubb38\uc790\uc5f4 \uc55e\uc5d0 \ud30c\uc77c \uc774\ub984\uc744 \uc778\uc1c4\ud55c\ub2e4.<\/li>\n\n\n\n<li>-n &lt;\uc22b\uc790&gt; \ucd5c\uc18c\ud55c &lt;\uc22b\uc790&gt; \uac1c\uc758 \ubb38\uc790\ub85c \uc774\ub8e8\uc5b4\uc9c4 \uc5f0\uc18d\ub41c \ubb38\uc790\uc5f4\uc744 \ucc3e\uc544 \ucd9c\ub825\ud55c\ub2e4.<\/li>\n\n\n\n<li>--bytes=&lt;\uc22b\uc790&gt; \ud45c\uc2dc \uac00\ub2a5\ud55c \ubb38\uc790\uc758 \uac1c\uc218\ub97c \uc9c0\uc815\ud55c\ub2e4. 
(\uae30\ubcf8\uac12\uc740 4).<\/li>\n\n\n\n<li>-t, --radix={o,d,x} \ubb38\uc790\uc5f4\uc758 \uc704\uce58\ub97c 8\uc9c4\uc218, 10\uc9c4\uc218 \ub610\ub294 16\uc9c4\uc218\ub85c \ucd9c\ub825\ud55c\ub2e4<\/li>\n\n\n\n<li>-w, --include-all-whitespace \ubaa8\ub4e0 \uacf5\ubc31\uc744 \uc720\ud6a8\ud55c \ubb38\uc790\ub85c \ud3ec\ud568\ud55c\ub2e4<\/li>\n\n\n\n<li>-o --radix=o\uc640 \ub3d9\uc77c<\/li>\n\n\n\n<li>-T, --target=&lt;BFDNAME&gt; \uc774\uc9c4 \ud30c\uc77c \ud615\uc2dd\uc744 \uc9c0\uc815\ud55c\ub2e4<\/li>\n\n\n\n<li>-e, --encoding={s,S,b,l,B,L} \ubb38\uc790 \ud06c\uae30\uc640 \uc5d4\ub514\uc548\uc744 \uc120\ud0dd\ud55c\ub2e4. s = 7\ube44\ud2b8, S = 8\ube44\ud2b8, {b,l} = 16\ube44\ud2b8, {B,L} = 32\ube44\ud2b8<\/li>\n\n\n\n<li>--unicode={default|show|invalid|hex|escape|highlight}<\/li>\n\n\n\n<li>-U {d|s|i|x|e|h} UTF-8 \uc778\ucf54\ub529\ub41c \uc720\ub2c8\ucf54\ub4dc \ubb38\uc790\uc758 \ucc98\ub9ac \ubc29\ubc95\uc744 \uc9c0\uc815\ud55c\ub2e4.<\/li>\n\n\n\n<li>-s, --output-separator=&lt;\ubb38\uc790\uc5f4&gt; \ucd9c\ub825\uc5d0\uc11c \ubb38\uc790\uc5f4\uc744 \uad6c\ubd84\ud558\ub294 \ub370 \uc0ac\uc6a9\ud560 \ubb38\uc790\uc5f4\uc744 \uc9c0\uc815\ud55c\ub2e4.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\ucd94\ucd9c\ud558\uba74 UPX\ub85c \ud328\ud0b9\ub41c \ubc14\uc774\ub108\ub9ac\uc778\uac78 \uc54c \uc218 \uc788\ub2e4.<\/p>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-8f761849 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:100%\">\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\">\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"asm\" data-enlighter-theme=\"dracula\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" 
data-enlighter-title=\"\" data-enlighter-group=\"\">ubuntu@WSL2:~\/CTF\/pwnable.kr\/flag$ strings -tx .\/flag\nb4 UPX!\n...\n4a656 $Info: This file is packed with the UPX executable packer http:\/\/upx.sf.net $\n4a6a5 $Id: UPX 3.08 Copyright (C) 1996-2011 the UPX Team. All Rights Reserved. $\n...\n51d8c UPX!\n51d94 UPX!<\/pre>\n<\/div><\/div>\n<\/div>\n<\/div>\n\n\n\n<p class=\"wp-block-paragraph\">\ubc14\uc774\ub108\ub9ac\ub97c \uc5b8\ud328\ud0b9\ud558\uae30 \uc704\ud574 upx -d &lt;\ud30c\uc77c&gt; \uba85\ub839\uc5b4\ub97c \uc785\ub825\ud55c\ub2e4.<\/p>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-8f761849 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:100%\">\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\">\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"avrasm\" data-enlighter-theme=\"dracula\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">ubuntu@WSL2:~\/CTF\/pwnable.kr\/flag$ upx -d .\/flag\n                       Ultimate Packer for eXecutables\n                          Copyright (C) 1996 - 2020\nUPX 3.96        Markus Oberhumer, Laszlo Molnar &amp; John Reiser   Jan 23rd 2020\n\n        File size         Ratio      Format      Name\n   --------------------   ------   -----------   -----------\n    883745 &lt;-    335288   37.94%   linux\/amd64   flag\n\nUnpacked 1 file.<\/pre>\n<\/div><\/div>\n<\/div>\n<\/div>\n\n\n\n<p class=\"wp-block-paragraph\">\uadf8\ub9ac\uace0 \uc815\uc801 \ubd84\uc11d\uc744 \ud558\uba74 \ub41c\ub2e4.<\/p>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-8f761849 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" 
style=\"flex-basis:100%\">\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\">\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"c\" data-enlighter-theme=\"dracula\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">undefined8 main(void)\n\n{\n  char *__dest;\n  \n  puts(\"I will malloc() and strcpy the flag there. take it.\");\n  __dest = (char *)malloc(100);\n  strcpy(__dest,flag);\n  return 0;\n}<\/pre>\n<\/div><\/div>\n<\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-8f761849 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:100%\">\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\">\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"asm\" data-enlighter-theme=\"dracula\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">        flag\n        006c2070 28  66  49       addr       s_UPX...?_sounds_like_a_delivery_s_00496628      = \"UPX...? sounds like a deliver\n                 00  00  00 \n                 00  00\n        006c2078 00              ??         00h\n        006c2079 00              ??         00h\n        006c207a 00              ??         
00h\n<\/pre>\n<\/div><\/div>\n<\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-8f761849 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:100%\">\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\">\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"asm\" data-enlighter-theme=\"dracula\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">        s_UPX...?_sounds_like_a_delivery_s_00496628\n        00496628 55  50  58       ds         \"UPX...? sounds like a delivery service :)\"\n                 2e  2e  2e \n                 3f  20  73 \n<\/pre>\n<\/div><\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>x86-64 \uc544\ud0a4\ud14d\ucc98\ub85c \ucef4\ud30c\uc77c\ub41c \ub9ac\ub205\uc2a4\uc5d0\uc11c \ub3cc\uc544\uac00\ub294 \ubc14\uc774\ub108\ub9ac\ub2e4. \uc2e4\ud589\ud558\uba74 \ub9e4\uac1c\ubcc0\uc218 \ubc1b\ub294\uac70 \uc0c1\uad00\uc5c6\uc774 &#8220;I will malloc() and strcpy the flag there. take it.&#8221;\ub97c \ucd9c\ub825\ud558\uace0 \uc885\ub8cc\ud55c\ub2e4. \ud480\uc774 strings [\uc635\uc158] [\ud30c\uc77c] \uc704 \uba85\ub839\uc5b4\ub85c \ud30c\uc77c\uc758 \uc778\uc1c4 \uac00\ub2a5\ud55c \ubb38\uc790\uc5f4\uc744 \ucd94\ucd9c\ud560 \uc218 \uc788\ub2e4. \uc635\uc158\uc740 \ub2e4\uc74c\uacfc \uac19\ub2e4. \ucd94\ucd9c\ud558\uba74 UPX\ub85c \ud328\ud0b9\ub41c \ubc14\uc774\ub108\ub9ac\uc778\uac78 \uc54c \uc218 \uc788\ub2e4. \ubc14\uc774\ub108\ub9ac\ub97c \uc5b8\ud328\ud0b9\ud558\uae30 \uc704\ud574 upx -d &lt;\ud30c\uc77c&gt; \uba85\ub839\uc5b4\ub97c \uc785\ub825\ud55c\ub2e4. 
\uadf8\ub9ac\uace0 \uc815\uc801&hellip;&nbsp;<a href=\"https:\/\/h4ck.kr\/?p=254\" rel=\"bookmark\">\ub354 \ubcf4\uae30 &raquo;<span class=\"screen-reader-text\">flag<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"neve_meta_sidebar":"","neve_meta_container":"","neve_meta_enable_content_width":"","neve_meta_content_width":0,"neve_meta_title_alignment":"","neve_meta_author_avatar":"","neve_post_elements_order":"","neve_meta_disable_header":"","neve_meta_disable_footer":"","neve_meta_disable_title":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[4],"tags":[24],"class_list":["post-254","post","type-post","status-publish","format-standard","hentry","category-pwnable-kr","tag-reversing"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/posts\/254","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/h4ck.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=254"}],"version-history":[{"count":36,"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/posts\/254\/revisions"}],"predecessor-version":[{"id":294,"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/posts\/254\/revisions\/294"}],"wp:attachment":[{"href":"https:\/\/h4ck.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=254"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/h4ck.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=254"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/h4ck.kr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=254"
}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}