Encrypted Shellcode

pwn crypto x86/x64 FCSC 2021

★★★

Description

During an audit, you found these files and the following commands:

$ dd if=/dev/urandom of=key.bin bs=16 count=1
$ ./esc -e < stereogram.png > stereogram.png.enc
$ ./esc < stereogram.png
[>] Done encrypting 1280731 bytes.
[2]    11735 segmentation fault  ./esc < stereogram.png

It seems that this crash has been exploited: can you figure out how and read flag.txt?

You don’t have key.bin, but the service provided gives access to esc (without arguments) using the same key.bin file as the one generated by the above command.

Files

  • docker-compose.yml
  • esc
    14.04 KiB – a3c4ac10a1dc8ee30efc803050686ccb9513e2156de0a9108a53f3d153a1ee69
  • stereogram.png
    1.22 MiB – 65bcaaedd01a54d6c90e078c5434a84d2924fb967cd062f7b9d7084947c7342b
  • stereogram.png.enc
    1.22 MiB – 44d181ae214355485af345f844bfaf22d3f991b61da58655f1afd05c0cdf0af7

Challenge Instructions

  1. First, download docker-compose.yml:
    curl https://hackropole.fr/challenges/fcsc2021-pwn-encrypted-shellcode/docker-compose.public.yml -o docker-compose.yml
  2. Launch the challenge by executing in the same folder:
    docker compose up
  3. Then, in another console, access the challenge with Netcat:
    nc localhost 4000
⚠️ Important: You must solve the challenge by interacting with the Docker container through the exposed network port. Any other way is not considered valid.

In case you encounter problems, please consult the FAQ.

Writeups

Date        Author     Language  Tags
2023-11-06  voydstack  🇫🇷        TeamFrance