Let’s take a look at the binary.
Nothing special here. Let’s try our previous strategy by taking a look at the strings. But unfortunately it’s not that simple as we see from the truncated output below.
But wait there’s something at the end “UPX!”. This is a hint in itself for someone with previous experience. Now let’s assume we don’t know anything.
Taking a look at the hint, we see another usefull tool calle
binwalk. Examining the binary again using
binwalk, which is a really great tool to keep around for CTFs.
We come across some interesting stuff…
Besides the ELF binary we see that we have some ‘UPX’ stuff. So what’s this? A quick google and you will find that UPX is a free packer for executables. What the hell is a packer? It’s kind of a fancy word for a compressor. But it’s a special kind. The packed executable is capable of unpacking itself into memory. That’s why if you try to run the executable, it runs perfectly fine. What this means is that when we try running strings on the executable it shows us the strings from the packed file. So let’s unpack this executable. You can get the utility to unpack from here.
Let’s unpack the file.
Now lets run “strings”
And that’s how we solve this level.