In this article we will analyze how and why executable files are packed, how to detect and unpack them, and solve the 4th task from the site pwnable.kr.
Organizational information
Especially for those who want to learn something new and develop in any of the areas of information and computer security, I will write and talk about the following categories:
- PWN;
- cryptography (crypto);
- network technologies (Network);
- reverse (Reverse Engineering);
- steganography (Stegano);
- search for and exploitation of web vulnerabilities.
In addition, I will share my experience in computer forensics, analysis of malware and firmware, attacks on wireless networks and local area networks, pentesting and writing exploits.
So that you can learn about new articles, software and other information, I created a channel in Telegram and a group to discuss any issues in the field of information security. I will also personally consider your requests, questions, suggestions and recommendations, and answer all of them.
All information is presented solely for educational purposes. The author of this document does not bear any responsibility for any damage caused to anyone as a result of using the knowledge and methods obtained as a result of studying this document.
Packing executable files
Packed files are files that hide their original code using compression or encryption. When such a file runs, it decompresses or decrypts its original code and copies it into another section. Packers typically modify the import address table (IAT, Import Address Table) or the import lookup table (ILT, Import Lookup Table), as well as the headers.

Packing is used for the following reasons:
- a packed file takes up less space;
- it hinders reverse engineering of the program;
- encrypting packers are also used maliciously by malware authors to encrypt and mutate the malicious code so that signature-based detection has a harder time recognizing it.

You can check whether a program is packed with PEiD or DetectItEasy. For unpacking, use the packer's own tool or a universal unpacker, for example Quick Unpack.
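To show what a detector like DetectItEasy actually looks at when it reports "packed with UPX", here is an added example (not code from the original article or from any of the tools named above). It combines the three signals described in the sections above: the "UPX!" magic that UPX leaves in its output, the UPX0/UPX1 section names, and the high byte entropy of a compressed image. The ELF64 parsing uses the documented header layouts; the two sample binaries are constructed in memory as stubs so the script runs offline, and the 7.0 bits/byte entropy threshold is a rule of thumb chosen for this example.

```python
import math
import random
import struct
import sys
from collections import Counter

# Traces UPX leaves behind: its "UPX!" magic and the section names it uses.
UPX_MAGIC = b"UPX!"
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}

# ELF64 file header and section header layouts (little-endian, 64 bytes each).
ELF64_EHDR = struct.Struct("<16sHHIQQQIHHHHHH")
ELF64_SHDR = struct.Struct("<IIQQQQIIQQ")


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for a constant stream, 8.0 for uniform random
    bytes. Compressed or encrypted payloads sit near the top of that range."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def elf64_section_names(blob: bytes) -> list[bytes]:
    """Read the section names of an ELF64 file. Returns [] when there is no usable
    section header table (UPX-packed ELF binaries usually drop it entirely)."""
    if len(blob) < ELF64_EHDR.size or blob[:4] != b"\x7fELF" or blob[4] != 2:
        return []
    ehdr = ELF64_EHDR.unpack_from(blob, 0)
    shoff, shentsize, shnum, shstrndx = ehdr[6], ehdr[11], ehdr[12], ehdr[13]
    if shoff == 0 or shnum == 0 or shentsize != ELF64_SHDR.size:
        return []
    if shoff + shnum * shentsize > len(blob) or shstrndx >= shnum:
        return []
    shdrs = [ELF64_SHDR.unpack_from(blob, shoff + i * shentsize) for i in range(shnum)]
    str_off, str_size = shdrs[shstrndx][4], shdrs[shstrndx][5]
    strtab = blob[str_off:str_off + str_size]
    names = []
    for sh in shdrs:
        end = strtab.find(b"\x00", sh[0])
        names.append(strtab[sh[0]:end if end != -1 else None])
    return names


def detect_upx(blob: bytes) -> dict:
    """Combine three cheap signals the way a DetectItEasy-style scanner does."""
    names = elf64_section_names(blob)
    result = {
        "upx_magic": UPX_MAGIC in blob,
        "upx_sections": sorted(n.decode() for n in names if n in UPX_SECTION_NAMES),
        "entropy": round(shannon_entropy(blob), 2),
    }
    # 7.0 bits/byte is a rule-of-thumb threshold for compressed/encrypted content.
    result["likely_packed"] = (
        result["upx_magic"] or bool(result["upx_sections"]) or result["entropy"] > 7.0
    )
    return result


def build_sample_elf(packed: bool) -> bytes:
    """Constructed ELF64 stub (not a runnable program) used as offline sample input."""
    if packed:
        names = [b"", b".shstrtab", b"UPX0", b"UPX1"]
        # Stand-in for a compressed image: pseudo-random bytes plus the UPX magic.
        payloads = [b"", None, b"", UPX_MAGIC + random.Random(1).randbytes(4096)]
    else:
        names = [b"", b".shstrtab", b".text", b".data"]
        payloads = [b"", None, b"\x55\x48\x89\xe5\xc3" * 800, b"hello world\x00" * 300]
    shstrtab, name_off = b"", []
    for n in names:
        name_off.append(len(shstrtab))
        shstrtab += n + b"\x00"
    payloads[1] = shstrtab
    body, offsets = b"", []
    for p in payloads:
        offsets.append(ELF64_EHDR.size + len(body))
        body += p
    shoff = ELF64_EHDR.size + len(body)
    shdrs = b"".join(
        ELF64_SHDR.pack(name_off[i], 3 if i == 1 else (1 if payloads[i] else 0),
                        0, 0, offsets[i], len(payloads[i]), 0, 0, 1, 0)
        for i in range(len(payloads))
    )
    ident = b"\x7fELF\x02\x01\x01" + b"\x00" * 9  # ELF, 64-bit, little-endian, v1
    ehdr = ELF64_EHDR.pack(ident, 2, 62, 1, 0, 0, shoff, 0, ELF64_EHDR.size,
                           0, 0, ELF64_SHDR.size, len(payloads), 1)
    return ehdr + body + shdrs


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            print(sys.argv[1], detect_upx(f.read()))
    else:
        print("constructed packed sample:  ", detect_upx(build_sample_elf(True)))
        print("constructed unpacked sample:", detect_upx(build_sample_elf(False)))
```

Run it with a file path to scan a real binary, or without arguments to see both constructed samples scored. The magic and section-name checks are exact but trivially removed by anyone who edits the packer output; the entropy check is the one signal that survives such cosmetic changes, which is why scanners report all three.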


Well-known packers:
Solving the task: flag
Click on the icon labeled flag, and we are told that we can download the executable file.

We are not given the source code. To analyze the program, I will use Cutter. Open Cutter and specify the path to the executable file.

We see a very strange program graph and no main function.

Check the program in DetectItEasy, which reports that our file is packed with UPX.

Unpack the program with the following command:
upx -d flag

Now, if you load the program into Cutter, you can see the main function and the unpacked strings.

We see a string mentioning UPX. Find it in the list of strings.

This is the answer. As a result, we get our points.

See you in the next articles!