[CodeEngn] Basic RCE – Level 14
http://codeengn.com/challenges/basic/14
Find the Serial when the Name of CodeEngn
(This problem has several answers, and the answer should be a 5 digit number. Brute forcing is required.)
Ex: 11111
Packer là UPX, tiến hành unpack và mở bằng OllyDbg, dễ dàng tìm được gooboy:
[asm]0040133A |. 3BC6 cmp eax,esi
0040133C |. 75 15 jnz short <14.___badboy>
0040133E |. 6A 00 push 0 ; /Style = MB_OK|MB_APPLMODAL
00401340 |. 68 62344000 push 14.00403462 ; |Title = “Key/CrackMe #2 ”
00401345 |. 68 B8344000 push 14.004034B8 ; |Text = ” Good Job, I Wish You the Very Best”
0040134A |. 6A 00 push 0 ; |hOwner = NULL
0040134C |. E8 9D000000 call
00401351 |. EB 13 jmp short 14.00401366
00401353 >|> 6A 00 push 0 ; /Style = MB_OK|MB_APPLMODAL
00401355 |. 68 62344000 push 14.00403462 ; |Title = “Key/CrackMe #2 ”
0040135A |. 68 86344000 push 14.00403486 ; |Text = ” You Have Enter A Wrong Serial, Please Try Again ”
0040135F |. 6A 00 push 0 ; |hOwner = NULL
00401361 |. E8 88000000 call
00401366 |> EB 15 jmp short 14.0040137D[/asm]
Đặt BP ở 0040133A và F9, điền username:key= CodeEngn:123456, nhấn Check:[asm]EAX 0001E240
ECX 00000000
EDX 00403139 ASCII “23456”
EBX 00000010
ESP 0018FBA8
EBP 0018FBA8
ESI 00012D91
EDI 00000000
EIP 0040133A 14.0040133A
[/asm]
Trong đó thấy ngay EAX = 0x001E240 = 123456 chính là key ta nhập vào, vậy thì ESI = 0x0012D91 = 76193 là…
“Brute forcing is required”? 
→ flag = 76193.
![[CodeEngn] Basic RCE – Level 01](https://ctf.yeuchimse.com/wp-content/themes/hueman/assets/front/img/thumb-medium-empty.png)
Recent comments