SharifCTF Runme Writeup

-
So Sharif CTF was overall a good CTF and it had quite a few windows reversing questions.
Runme was to run the program by modifying it, in the least possible way. And then we had to find the MD5 hash of the file.
On analyzing the binary, there were some messed up header information and stuff of the sort.
So I used the tool called LORDPE to edit the headers.
After comparing with other binaries, I noticed that the subsystem number was set to 1 which is not usually the subsystem number for an ordinary executable.
So I changed it to 2 and voila! it worked. 

Thanks for reading. :)

Comments

Post a Comment

Popular posts from this blog

An introduction to GDB

-
Image
Hey guys, this is my first post and pardon me for any errors if I make any errors. Hope you know about x86 architecture, assembly language, stack, etc. If not then head over to security tube to learn a bit about it. So let's begin. GDB, the GNU Project debugger, allows you to see what is going on `inside' another program while it executes -- or what another program was doing at the moment it crashed. GDB can do four main kinds of things (plus other things in support of these) to help you catch bugs in the act: Start your program, specifying anything that might affect its behavior. Make your program stop on specified conditions. Examine what has happened, when your program has stopped. Change things in your program, so you can experiment with correcting the effects of one bug and go on to learn about another. So I just copied that piece of text from gnu.org  :p . Basically what it does is show us the assembly code for a program which is really really helpful and
Read more