Password-Checker CSAW CTF 2021 Write-Up

Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on email

This is a warm-up challenge for Binary Exploitation.

Downloadable file is 64-bit binary file which is not stripped.

Using checksec we can analyze the binary file.

After making the file writable we can execute it.

We have to enter the correct password to get in. I tried “charlie” for first time and no luck.

Then I tried “password”, it worked but there is no sign of any flag.

So we have to check the binary file how it works.

I used Ghidra to open the binary file and analyze the functions.

On analyzing the functions, main function calls a function called password_checker.

String comparison is happening that’s why “password” got accepted. But there is vulnerable function is this program which is gets().

When we open gets() man page, it gives us a warning to not use this function because gets() will store characters past the buffer allocation which will lead to Buffer-Overflow vulnerability.

Taking it as an advantage we can break the binary file to get to flag.

Again I analyzed the functions and found a function called “backdoor” which is suspicious.

Backdoor function is

Read the article