pwnable.kr —— flag

question#

Papa brought me a packed present! let's open it.

Download : http://pwnable.kr/bin/flag

This is reversing task. all you need is binary

analyse#

下载下来，先用pwntools来看下checksec

ubuntu@VM-0-3-ubuntu:~$ checksec flag
[*] '/home/ubuntu/flag'
    Arch:     amd64-64-little
    RELRO:    No RELRO
    Stack:    No canary found
    NX:       NX disabled
    PIE:      No PIE (0x400000)
    RWX:      Has RWX segments
    Packer:   Packed with UPX

可以看到有UPX的壳，使用UPX工具去壳 官方链接

ubuntu@VM-0-3-ubuntu:~/upx$ ./upx -d ../flag 
                       Ultimate Packer for eXecutables
                          Copyright (C) 1996 - 2018
UPX 3.95        Markus Oberhumer, Laszlo Molnar & John Reiser   Aug 26th 2018

        File size         Ratio      Format      Name
   --------------------   ------   -----------   -----------
    883745 <-    335288   37.94%   linux/amd64   flag

Unpacked 1 file.

看起来好像没什么了，flag文件也非常的大

get flag#

用strings命令看下里面的字符串，得到flag

ubuntu@VM-0-3-ubuntu:~$ strings flag | grep ':)'
UPX...? sounds like a delivery service :)

flag：UPX...? sounds like a delivery service :)