Root Me: Cracking: ELF – 0 protection & ELF – x86 Basic

I’ve just found out about this amazing website which offers a wide variety of challenges.

Here’s my solution for the first challenge, this one is extremely easy, you just have to pay attention to the assembly code:

Screen Shot 2018-09-01 at 21.32.29.png

Observe that the password is in plaintext and is loaded into [ebp+s2].

[ebp+s1] is passed to [esp] and is a pointer to the getString function, I just assumed that the function gets a string from stdin and puts it into [ebp+s1].

The stdin string is put into [esp] and the plaintext password into [esp+4], and are passed to _strcmp. Next we can see that [ebp+s1] is compared to [ebp+s2]. We already know both strings. Thus the password is “123456789”.

In order to execute the binary I fired up an Ubuntu 32bit virtual machine using Valgrind and the following Valgrindfile:

Vagrant.configure("2") do |config|
    config.vm.box = "ubuntu/trusty32"
end

After ssh-ing into the valgrind machine, cd into /valgrind and execute the binary. The /valgrind folder should contain the the files of the directory where the Valgrindfile is located.

The second challenge has a similar solution:

mov [ebp+username], offset aJohn ; “john”
mov [ebp+pass], offset aTheRipper ; “the ripper”

Thanks for reading!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.