CTF-rootme 题解之ELF64 - PID encryption

LINK:https://www.root-me.org/en/Challenges/Cryptanalysis/ELF64-PID-encryption

SourceCode:(Linux隐藏进程的源代码)

    /*
     * gcc ch21.c -lcrypt -o ch21
     */
     
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include <crypt.h>
    #include <sys/types.h>
    #include <unistd.h>
     
    int main (int argc, char *argv[]) {
        char pid[16];
        char *args[] = { "/bin/bash", "-p", 0 };
     
        snprintf(pid, sizeof(pid), "%i", getpid());
        if (argc != 2)
            return 0;
     
        printf("%s=%s",argv[1], crypt(pid, "$1$awesome"));
     
        if (strcmp(argv[1], crypt(pid, "$1$awesome")) == 0) {
            printf("WIN!\n");
            execve(args[0], &args[0], NULL);
     
        } else {
            printf("Fail... :/\n");
        }
        return 0;
    }

 Decrypt SourceCode:

/*Once we know the PID it is easy to know what to do next*/
/*You have to cd /tmp and vim break.c */
/*Paste the code below into it */
/* cryptanalyse-ch21@challenge01:~$ pwd
 * 	/challenge/cryptanalyse/ch21 */

#include <crypt.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <stdlib.h>

int main()
{
		char pid[16];
			snprintf(pid, sizeof(pid), "%i", getpid());
				execl("/challenge/cryptanalyse/ch21/ch21", "ch21", crypt(pid, "$1$awesome"), NULL);
}

/*
 * ** gcc break.c -o solution -lcrypt
 * ** We know that pid is ch21.c
 * ** run ./solution
 * ** -/q2/a9d6e31D
 * */

 

posted @ 2019-03-18 19:41  heycomputer  阅读(1927)  评论(0编辑  收藏  举报