Installing Ghidra
sudo apt install ghidra
Download Rust Binary - flagchecker (63.4MB)
┌──(kali💀JesusCries)-[~/Desktop/flagchecker/target/debug]
└─$ sha256sum flagchecker
f6a7bea70e44d0ae8f7990f327b7be537e28cf81f3c5df400677c3f8294ed9ec flagchecker
- Untick Create Address Table under Analysis Options (Analysis will take around 10 minutes to complete)
- Locate Main Function (Different entry point compared to classic C programs)
- Locate user-defined functions under Symbol Tree > Namespaces
- Import Ghidra Scripts under Windows > Script Manager (Step 5 & 6)
- Demangle Rust symbols using DemangleRust.py
- Analyze Crate dependencies using RustDependencyStrings.py
- Search for interesting strings
- Analyze .rodata section under Program Trees
- Analyze the usage of reqwest and rot13 in combination with other user-defined functions found under Namespaces
- Refer to Rust Package Registry for reqwest and rot13
- We can benefit from the fact that Rust is an open source language
- There is a Cargo repository with lots of Rust packages, and the .rodata section contains some links to them. For example, the string "/root/.cargo/registry/src/github.com-{id}/reqwest" gives us a clue that the binary uses reqwest, a higher-level HTTP client library
- There are links not only to Rust packages, but also to particular files in those packages.
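The Cargo registry paths described above can also be listed straight from the binary's bytes, which gives a quick crate inventory before the Ghidra analysis finishes. This Python sketch is an added example, not part of the original write-up or of RustDependencyStrings.py; the name cargo_dependencies, the sample bytes, the registry id and the crate versions are constructed for illustration.

```python
import re
import sys
from collections import defaultdict

# Cargo unpacks registry crates to
#   <cargo home>/registry/src/<index>-<id>/<crate>-<version>/<file>
# and panic locations embed those paths in .rodata. Rust string literals are
# not NUL-terminated, so the file part stops at the first ".rs".
CARGO_PATH = re.compile(
    rb"/\.cargo/registry/src/(?P<index>[^/\x00]+)/"
    rb"(?P<crate>[A-Za-z0-9_-]+?)-"
    rb"(?P<version>\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?)"
    rb"(?P<file>/[\x21-\x7e]*?\.rs)?"
)

def cargo_dependencies(blob):
    """Map (crate, version) -> sorted source files referenced in blob."""
    deps = defaultdict(set)
    for m in CARGO_PATH.finditer(blob):
        files = deps[(m["crate"].decode(), m["version"].decode())]
        if m["file"]:
            files.add(m["file"].decode())
    return {key: sorted(files) for key, files in sorted(deps.items())}

# Constructed sample bytes (registry id and versions are made up), with the
# paths run together with other data the way they appear in .rodata.
REG = b"/root/.cargo/registry/src/github.com-0000000000000000/"
SAMPLE = (
    b"\x00\x01" + REG + b"reqwest-0.11.4/src/async_impl/client.rs"
    b"called `Option::unwrap()` on a `None` value\x00"
    + REG + b"reqwest-0.11.4/src/blocking/wait.rs\x07"
    + REG + b"rot13-0.1.1/src/lib.rs"
    + REG + b"tokio-native-tls-0.3.0/src/lib.rsinvalid"
)

if __name__ == "__main__":
    # Pass a binary path to scan a real file; with no argument, scan SAMPLE.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for (crate, version), files in cargo_dependencies(data).items():
        print(f"{crate} {version}: {', '.join(files) or '(no file paths)'}")
```

Crates pulled from a git source or a vendor directory are stored outside registry/src and will not match this pattern.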
Installing Sage
git clone https://github.com/sagemath/sage.git
cd sage
make configure
./configure
make
./sage
Installing Python Libraries
pip3 install pycryptodome
Sagemath Installation in DebianOS
git clone https://github.com/WesleyWong420/FSEC-SS-Sharing-Session.git
cd FSEC-SS-Sharing-Session/Docker
chmod +x build.sh
./build.sh
docker exec -it knockknock /bin/bash
root@47efb31454af:/# ifconfig
nc <docker0-IP> 9002
Download PCAP File - tcpdump.cap (1.2KB)
You will receive the flag by connecting to port 9002 if all the conditions are met.
- Enumerate installed services: service --status-all
- Replay knock sequence as observed from tcpdump.cap: knock <docker0-IP> 7000:tcp 8000:udp 9000:tcp
- Loot flag!