Some hints about week 1 CTFs
This week, you will be working on Ch1_Ltrace and Ch1_Readelf from the
Ch1-2 set of CTFs. Once you have downloaded Ch1-2.zip from the CTF site,
you can get it onto the student server with rsync as described in the
student server guide.
Once you are on the server, in order to run the individual levels, you
will need to unzip the archive. You can do this with the unzip
program, and if you pass a -d directoryname option to it, you can keep
all the levels bundled together rather than dumping them all into your
home directory at the top level.
unzip -d Ch1-2 Ch1-2.zip
Whenever you first approach a CTF level, start by running the program,
e.g. ./Ch1_Ltrace. It will typically describe what approach you should
take and even give hints, and then of course it will prompt you for a
password. The first time you run it, you won’t know where to start yet,
so type whatever you want, or just stop the program with control-c.
The ltrace program is a useful diagnostic tool, which sneakily
modifies the way linking works so that when a program makes calls to
a library, ltrace gets to see what’s going on. Try it on the CTF program.
ltrace ./Ch1_Ltrace
The program still runs and does its usual things, but additionally there
will be output from ltrace showing all of the library calls that are
being used, like printf to print the messages. The C library function
that compares two strings (such as when you want to compare user input
against a secret password…) is strcmp.
The Ch1_Readelf level encourages exploration with tools that
interpret the binary information in object files such as readelf
and objdump. I encourage you to experiment, but the most
straightforward way through is to use objdump -s Ch1_Readelf.
The -s is for ‘strings’, and it will show you all the places where the
program seems to include ASCII text. One of those places will be the
secret password!
As a further hint, because the output will probably be very long (definitely use less), you’ll want to focus on the right section. The information in a program is organized into sections or segments with different purposes; for example, the text section has the machine code instructions, the data section has global variables, and the rodata section has read-only data such as strings and constants. When I solved this level, I found my password in the read-only data.
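To make the idea of sections concrete, here is an added example (not part of the course materials or the CTF binaries) that walks an ELF64 section header table the way readelf does and pulls the printable text out of the rodata section. The sample image, its strings, and the function names read_sections, printable_strings and build_sample are all constructed for this illustration.

```python
import re
import struct

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # ELF64 little-endian file header
SHDR = struct.Struct("<IIQQQQIIQQ")        # ELF64 section header
SHT_NOBITS = 8                             # e.g. .bss: occupies no file bytes

def read_sections(blob):
    """Return {section name: raw bytes} for an ELF64 little-endian image."""
    if len(blob) < EHDR.size:
        raise ValueError("too short for an ELF header")
    ident, *hdr = EHDR.unpack_from(blob)
    if ident[:4] != b"\x7fELF" or ident[4] != 2 or ident[5] != 1:
        raise ValueError("not an ELF64 little-endian file")
    shoff, shnum, shstrndx = hdr[5], hdr[11], hdr[12]
    if shoff + shnum * SHDR.size > len(blob) or shstrndx >= shnum:
        raise ValueError("section header table is truncated")
    heads = [SHDR.unpack_from(blob, shoff + i * SHDR.size) for i in range(shnum)]
    str_off, str_size = heads[shstrndx][4:6]
    names = blob[str_off:str_off + str_size]  # section-name string table
    out = {}
    for name_off, sh_type, _flags, _addr, off, size, *_ in heads:
        name = names[name_off:names.index(b"\0", name_off)].decode()
        out[name] = b"" if sh_type == SHT_NOBITS else blob[off:off + size]
    return out

def printable_strings(data, min_len=4):
    """Runs of printable ASCII at least min_len long, as strings(1) reports."""
    return [m.decode() for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def build_sample():
    """Constructed three-section image for the demo, not a real level binary."""
    rodata = b"Enter the password: \0constructed-placeholder\0\x01\x02ok\0"
    shstr = b"\0.rodata\0.shstrtab\0"
    shoff = EHDR.size + len(rodata) + len(shstr)
    ehdr = EHDR.pack(b"\x7fELF\x02\x01\x01" + bytes(9), 2, 62, 1, 0, 0, shoff,
                     0, EHDR.size, 0, 0, SHDR.size, 3, 2)
    shdrs = (SHDR.pack(0, 0, 0, 0, 0, 0, 0, 0, 0, 0)
             + SHDR.pack(1, 1, 2, 0, EHDR.size, len(rodata), 0, 0, 1, 0)
             + SHDR.pack(9, 3, 0, 0, EHDR.size + len(rodata), len(shstr), 0, 0, 1, 0))
    return ehdr + rodata + shstr + shdrs

if __name__ == "__main__":
    for text in printable_strings(read_sections(build_sample())[".rodata"]):
        print(repr(text))
```

To try it on a real file, pass the file's bytes to read_sections, e.g. read_sections(open(path, "rb").read()).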