[Pwn] Baby Enter Password

Application inside directory /home/enterpassword asks for the password. Can you break it?

For this challenge we’re given SSH credentials and information about an application on the server.

After logging in and changing into the directory named in the task description, we can see the flag file and an SGID binary that will allow us to read the flag file.

It’s not necessary, but we can transfer the binary to our own machine to check how it behaves.

After transferring it, we can open it in Ghidra and look at the decompiler output. (The output below is cleaned up a bit.)

The main function prompts the user for a password and checks it against a hardcoded password with strcmp. The hardcoded password is “ThisIsSparta!”
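A string literal passed to strcmp is stored as plain bytes in the binary, so it can be read without a decompiler. The added example below (not code from the challenge binary) is a minimal strings(1)-style extractor run over a constructed byte buffer; the buffer layout, the two prompt strings and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_STR 64

/* Constructed stand-in for a read-only data section: string literals
   separated by non-printable bytes. Not bytes from the real binary;
   the two prompt strings are invented for the sample. */
static const unsigned char SAMPLE_RODATA[] =
    "\x01\x00\x02\x00" "Enter password: \0" "\x7f\x03" "ThisIsSparta!\0"
    "\x00\x10" "Wrong password\0" "\xff\xfe";

static int is_printable(unsigned char c) { return c >= 0x20 && c <= 0x7e; }

/* Copy every run of at least min_len printable ASCII bytes into out[]
   and return how many runs were stored. */
size_t extract_strings(const unsigned char *buf, size_t len, size_t min_len,
                       char out[][MAX_STR], size_t max_out)
{
    size_t count = 0, start = 0;
    for (size_t i = 0; i <= len; i++) {
        if (i < len && is_printable(buf[i]))
            continue;                        /* still inside a run */
        size_t run = i - start;              /* run ended at i */
        if (run >= min_len && count < max_out) {
            if (run >= MAX_STR) run = MAX_STR - 1;   /* truncate long runs */
            memcpy(out[count], buf + start, run);
            out[count][run] = '\0';
            count++;
        }
        start = i + 1;
    }
    return count;
}

/* Returns 1 if needle is among the strings recovered from the sample. */
int sample_contains(const char *needle)
{
    char found[8][MAX_STR];
    size_t n = extract_strings(SAMPLE_RODATA, sizeof SAMPLE_RODATA, 4, found, 8);
    for (size_t i = 0; i < n; i++)
        if (strcmp(found[i], needle) == 0) return 1;
    return 0;
}

int main(void)
{
    char found[8][MAX_STR];
    size_t n = extract_strings(SAMPLE_RODATA, sizeof SAMPLE_RODATA, 4, found, 8);
    for (size_t i = 0; i < n; i++) puts(found[i]);
    return 0;
}
```

Anyone who can read the binary can recover the literal this way, so an embedded password adds nothing to what the file's group and mode already enforce on an SGID program.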

We can now run the binary and provide the password we found to get the flag.

Flag: CTF{ThisIsCTF!}