CTFtime.org

Old Devil

by JaXigt / CTSecUK

Rating:

# Old Devil
![Category](http://img.shields.io/badge/Category-Exploitation-orange?style=for-the-badge) ![Points](http://img.shields.io/badge/Points-30-brightgreen?style=for-the-badge)

## Details

>We found this program written by luciafer. She used it to hide a password in the form of a flag. See if you can find the flag in the program.
>
> [Download File](https://tinyurl.com/hdnyt6y7)
>
> SHA1: dbaec5a38890cb8977865f321de4bf0e8ad2604f
>
> Password: `d34df4c3`
---

Running the progrm we see the following;
```
❯ ./demon

Luciafer v1.0
Say the demon's name to gain access to the secret.
Enter the demon's name: 123

That is not the demon's name.
```

Lets try that again with `ltrace`

```
❯ ltrace ./demon
puts("\nLuciafer v1.0\nSay the demon's n"...
Luciafer v1.0
Say the demon's name to gain access to the secret.
) = 66
printf("Enter the demon's name: ") = 24
gets(0x7ffcfee67621, 0x559d7e90406a, 0, 0Enter the demon's name: 123
) = 0x7ffcfee67621
strcmp("123", "Adrammelech") = -16
puts("\nThat is not the demon's name."
That is not the demon's name.
) = 31
+++ exited (status 0) +++

```

We can see here that the program is calling a string compare function `strcmp()` agaisnt the value we entered `123` and comparing it to another string `Adrammelech`.

`strcmp("123", "Adrammelech")`

Lets try again using that string as the demon's name;

```
❯ ./demon

Luciafer v1.0
Say the demon's name to gain access to the secret.
Enter the demon's name: Adrammelech

You are correct.
flag{AdraMMel3ch}
```

## flag{AdraMMel3ch}

Original writeup (https://github.com/CTSecUK/DEADFACE_CTF_2021/blob/main/Write-ups/Exploitation/Old%20Devil%20(30%20Points).md).

Comments