CREST CTF - operator_mistake
CREST CTF - operator_mistake
Overview
This one is the opposite of ghost_mantis_scanner: the binary looks like it might hide something deeper, but the intended solve is just to pay attention to the environment variable exposed by strings and confirm the branch in disassembly.
Flag:
1
CREST{0p-m4nti$-07-0228-4ttrib}
Solve plan
Because the challenge felt intentionally easy, I kept the workflow simple:
- run the binary once normally
- check
strings - try the obvious environment variable
- confirm the control flow in
objdump
1. Baseline run
1
2
3
4
$ ./rev/operator_mistake
Operator module initialized.
Telemetry active.
No debugging interface exposed.
So the program does not ask for input and just exits after printing a few status messages.
2. strings gives away the input surface
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
$ strings -n 6 rev/operator_mistake | head -n 24
/lib64/ld-linux-x86-64.so.2
__stack_chk_fail
ptrace
getpid
stdout
__libc_start_main
__cxa_finalize
getenv
libc.so.6
GLIBC_2.4
GLIBC_2.34
GLIBC_2.2.5
Operator module initialized.
Telemetry active.
GM_DEBUG
No debugging interface exposed.
The interesting part is obvious:
1
GM_DEBUG
At that point the most reasonable test is to set it and rerun the binary.
3. My solve
1
2
3
4
5
$ GM_DEBUG=1 ./rev/operator_mistake
Operator module initialized.
Telemetry active.
No debugging interface exposed.
CREST{0p-m4nti$-07-0228-4ttrib}
That is the flag already.
Final flag
1
CREST{0p-m4nti$-07-0228-4ttrib}
i think this was operator’s mistake so this challenge was taken down :)
This post is licensed under CC BY 4.0 by the author.