Throughout your security adventure, you will need to think outside the box and interact with a lot of different software. This module will walk you through quite a few scenarios of such thinking and such interacting. As you embark on this journey, remember: this is only the beginning.
This dojo errs heavily on the side of comprehensiveness. However, many students enter the dojo already knowing the intricacies of, for example, scripting interactions. Some others may be fast learners, and though some review of these concepts is good for these hackers, they might not need all of the nearly 200 challenges in this dojo to drive home the point. For this beginning of your journey, feel free to meander, dig in where you feel compelled to do so, and move on when you are sated.
Dealing with Data
Computer programs communicate with each other by exchanging variously-formatted data over various communication channels. Learning about this concurrently with learning about security concepts can be overwhelming, and thus, this module tries to prepare you for the latter by covering the former.
In this module, you will learn the different ways data is reasoned about by programs. In the future, this will help you carefully craft that data to break the recipient program’s security!
what’s the password?
Use file to print information about the program /challenge/runme. The output shows that it is an ASCII text executable: a Python script.
```
$ file /challenge/runme
/challenge/runme: setuid a /usr/bin/exec-suid -- /bin/python3 -I script, ASCII text executable
```
According to this information, we can use cat to read this file:
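```python
import sys

print("Enter the password:")
# read1() returns the raw bytes from one read of stdin; strip() drops
# leading/trailing ASCII whitespace, including the newline from Enter.
entered_password = sys.stdin.buffer.read1().strip()
correct_password = b"mlsgeypk"

print(f"Read {len(entered_password)} bytes.")

# The comparison is bytes against bytes, with the expected value hard-coded above.
if entered_password == correct_password:
    print("Congrats! Here is your flag:")
    print(open("/flag").read().strip())
else:
    print("Incorrect!")
    sys.exit(1)
```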
Based on the code above, correct_password is mlsgeypk, which is the password the program expects.
```
$ /challenge/runme
Enter the password:
mlsgeypk
Read 8 bytes.
Congrats! Here is your flag:
pwn.college{ktKWtSkIC9xjMunZFPKyqgFyYkP.dlDN2QTMsMzN4EzW}
```
```
$ python
Python 3.12.8 (main, Dec 3 2024, 18:42:41) [GCC 13.3.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> s = "1111000111000000110001001100101010000110100000111000110010101000"
>>> a = int.to_bytes(int(s, 2), length=len(s) // 8, byteorder="big")
>>> a
b'\xf1\xc0\xc4\xca\x86\x83\x8c\xa8'
```
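How the `read1().strip()` comparison in the script above treats the bytes it receives, and how the bit string from the REPL session relates to them, as an added example that is not part of the original writeup. `STAND_IN` is a constructed local copy of the check that takes the expected password as a hex argument and prints a placeholder instead of reading `/flag`; `bits_to_bytes` and `try_password` are hypothetical helper names.

```python
import subprocess
import sys

# Constructed stand-in for /challenge/runme: same read1().strip() comparison,
# but the expected password comes from argv and no real flag is read.
STAND_IN = r'''
import sys
print("Enter the password:")
entered_password = sys.stdin.buffer.read1().strip()
correct_password = bytes.fromhex(sys.argv[1])
print(f"Read {len(entered_password)} bytes.")
if entered_password == correct_password:
    print("Congrats! <flag placeholder>")
else:
    print("Incorrect!")
    sys.exit(1)
'''

def bits_to_bytes(bits: str) -> bytes:
    """Big-endian conversion of a '0'/'1' string, as in the REPL session."""
    if len(bits) % 8 or set(bits) - {"0", "1"}:
        raise ValueError("expected a multiple of 8 binary digits")
    return int(bits, 2).to_bytes(len(bits) // 8, byteorder="big")

def try_password(correct: bytes, sent: bytes) -> tuple[int, str]:
    """Run the stand-in expecting `correct`, with `sent` as raw stdin bytes."""
    proc = subprocess.run(
        [sys.executable, "-I", "-c", STAND_IN, correct.hex()],
        input=sent, capture_output=True,
    )
    return proc.returncode, proc.stdout.decode()

if __name__ == "__main__":
    bits = "1111000111000000110001001100101010000110100000111000110010101000"
    raw = bits_to_bytes(bits)
    cases = [
        (b"mlsgeypk", b"mlsgeypk\n"),    # typed text: newline is stripped
        (raw, raw + b"\n"),              # raw bytes piped in: 8 bytes compared
        (raw, bits.encode() + b"\n"),    # the digits as text: 64 bytes, mismatch
        (b"abc ", b"abc \n"),            # trailing space is stripped too: mismatch
    ]
    for correct, sent in cases:
        code, out = try_password(correct, sent)
        print(sent, "->", code, out.splitlines()[1:])
```

The last case shows a consequence of `strip()`: a password ending in an ASCII whitespace byte can never match, because that byte is removed from the input before the comparison.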