Rating:
ELF Crumble
-----------
The challenge present us with 8 fragment files and a "broken" binary.
A quick view of the binary shows that the first part is missing and replaced with X:
```
000005a0 55 89 e5 5d e9 57 ff ff ff 8b 14 24 c3 58 58 58 |U..].W.....$.XXX|
000005b0 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 |XXXXXXXXXXXXXXXX|
*
000008d0 58 58 58 58 8b 04 24 c3 66 90 66 90 66 90 66 90 |XXXX..$.f.f.f.f.|
000008e0 55 57 56 53 e8 c7 fb ff ff 81 c3 e7 16 00 00 83 |UWVS............|
```
Without thinking too much we launched a bruteforce script:
```python
from pwn import *
from itertools import permutations
from subprocess import Popen
import os
from tqdm import tqdm
def make_executable(path):
mode = os.stat(path).st_mode
mode |= (mode & 0o444) >> 2 # copy R bits to X
os.chmod(path, mode)
fragments = []
for i in range(8):
with open('./fragment_'+ str(i+1)+'.dat','r') as f:
fragments.append(f.read())
fragments = reversed(fragments)
for p in permutations(fragments):
with open('broken','r') as b:
bytes = b.read()
with open('try','w') as t:
t.write(bytes.replace('X'*(0x8d4-0x5ad), ''.join(p)))
make_executable('try')
p = subprocess.Popen(["./try"], stdout=subprocess.PIPE)
out, err = p.communicate()
if(len(out)>0): print out
```
This quickly prints out the flag.
