Friday, November 2, 2012

exploit-exercises Nebula: level14

level14 of Nebula wargame says that we have a binary that takes input from standard input and outputs an encryption. Our goal is to decrypt the token file.
[email protected]:~$ cat ../flag14/token 
Playing a bit with the binary, we see that the "encryption" is just encoding the input by incrementing characters one-by-one with a value that starts at 0 and is increased by 1 each time.
[email protected]:~$ echo -n "aaaaaaaaaaaaa" | ../flag14/flag14 -e
Taking this into account, decrypting the content of token becomes trivial. A simple python script for the task.
[email protected]:~$ cat 
import sys
result = ""
pos = 0
with open(sys.argv[1], "r") as f:
    for c in[:-1]:
        result += chr(ord(c) - pos)
        pos += 1
print result
[email protected]:~$ python ../flag14/token
We login into flag14 and getflag!
[email protected]:~$ getflag
You have successfully executed getflag on a target account

No comments:

Post a Comment