Without a Trace Reverse

Draeger’s mothership has suddenly vanished, he could be readying an attack! You need to track him down before disaster strikes…

This challenge is easy as well. we look at the check_password function and see that the password is compared with the block of hex initialized above. The ptrace should return 0 if the process is not being debugged.

H T B { t r 4 c 3 _ m 3 _ u p _ b 4 _ u _ g 0 g 0 } This should be the moment to read up on the ptrace function. https://man7.org/linux/man-pages/man2/ptrace.2.html Ptrace is a system call that one process can use to observe another one. The most important parameters are: On success, ptrace() shall return the requested data for PTRACE_PEEK requests, or zero for all other requests. On error, all requests return -1. So in our case if the process is not being debugged returns 0.

    PTRACE_TRACEME
          Indicate that this process is to be traced by its parent.
          A process probably shouldn't make this request if its
          parent isn't expecting to trace it.  (pid, addr, and data
          are ignored.)

          The PTRACE_TRACEME request is used only by the tracee; the
          remaining requests are used only by the tracer.  In the
          following requests, pid specifies the thread ID of the
          tracee to be acted on.  For requests other than
          PTRACE_ATTACH, PTRACE_SEIZE, PTRACE_INTERRUPT, and
          PTRACE_KILL, the tracee must be stopped.

   PTRACE_PEEKTEXT, PTRACE_PEEKDATA
          Read a word at the address addr in the tracee's memory,
          returning the word as the result of the ptrace() call.
          Linux does not have separate text and data address spaces,
          so these two requests are currently equivalent.  (data is
          ignored; but see NOTES.)

   PTRACE_PEEKUSER
          Read a word at offset addr in the tracee's USER area,
          which holds the registers and other information about the
          process (see <sys/user.h>).  The word is returned as the
          result of the ptrace() call.  Typically, the offset must
          be word-aligned, though this might vary by architecture.
          See NOTES.  (data is ignored; but see NOTES.)

   PTRACE_POKETEXT, PTRACE_POKEDATA
          Copy the word data to the address addr in the tracee's
          memory.  As for PTRACE_PEEKTEXT and PTRACE_PEEKDATA, these
          two requests are currently equivalent.

   PTRACE_POKEUSER
          Copy the word data to offset addr in the tracee's USER
          area.  As for PTRACE_PEEKUSER, the offset must typically
          be word-aligned.  In order to maintain the integrity of
          the kernel, some modifications to the USER area are
          disallowed.

   PTRACE_GETREGS, PTRACE_GETFPREGS
          Copy the tracee's general-purpose or floating-point
          registers, respectively, to the address data in the
          tracer.  See <sys/user.h> for information on the format of
          this data.  (addr is ignored.)  Note that SPARC systems
          have the meaning of data and addr reversed; that is, data
          is ignored and the registers are copied to the address
          addr.  PTRACE_GETREGS and PTRACE_GETFPREGS are not present
          on all architectures.

   PTRACE_GETREGSET (since Linux 2.6.34)
          Read the tracee's registers.  addr specifies, in an
          architecture-dependent way, the type of registers to be
          read.  NT_PRSTATUS (with numerical value 1) usually
          results in reading of general-purpose registers.  If the
          CPU has, for example, floating-point and/or vector
          registers, they can be retrieved by setting addr to the
          corresponding NT_foo constant.  data points to a struct
          iovec, which describes the destination buffer's location
          and length.  On return, the kernel modifies iov.len to
          indicate the actual number of bytes returned.

   PTRACE_SETREGS, PTRACE_SETFPREGS
          Modify the tracee's general-purpose or floating-point
          registers, respectively, from the address data in the
          tracer.  As for PTRACE_POKEUSER, some general-purpose
          register modifications may be disallowed.  (addr is
          ignored.)  Note that SPARC systems have the meaning of
          data and addr reversed; that is, data is ignored and the
          registers are copied from the address addr.
          PTRACE_SETREGS and PTRACE_SETFPREGS are not present on all
          architectures.

   PTRACE_SETREGSET (since Linux 2.6.34)
          Modify the tracee's registers.  The meaning of addr and
          data is analogous to PTRACE_GETREGSET.

   PTRACE_GETSIGINFO (since Linux 2.3.99-pre6)
          Retrieve information about the signal that caused the
          stop.  Copy a siginfo_t structure (see sigaction(2)) from
          the tracee to the address data in the tracer.  (addr is
          ignored.)

*Posts*

Hack the Box rev headache

Flare On challenges 1 and 2 2014-2022

La CTF stringcheese caterpillar finals-simulator ctfd-plus

IdekCtf 2022

Hack the Box pentest Shoppy

Hack the Box rev Spookylicence

Hack the Box rev Bombs Landed

Hack the Box pentest Photobomb

Hack the Box rev DebugMe

Hack the Box pentest Precious

Hack the Box rev Up a Stream

Hack the Box rev Golfer Part 1

Hack the Box rev Partial Encryption

Hack the Box rev Rauth

Hack the Box rev Exatlon

Hack the Box rev Bypass

Hack the Box rev Behind the Scenes

Hack the Box rev Simple Encryptor

Hack the Box rev Impossible Password

Hack the Box rev 0xdiablos

Pwnable rev shellshock

pwnable.kr rev mistake

Sunshine CTF rev middle-endian

pwnable rev leg

Hack the box pwn jeeves

Hack the Box rev hunting

pwnable.kr rev fd pwnable

Hack the Box rev batcomputer

Hack the Box rev HTB_RACECAR

STACK The Flags Quills of Power

STACK The Flags Hit you with that

STACK The Flags Cobalt Struck

Sunshine CTF 2022 Middle Endian

UNIBUC_RE_lab_7_task_2

UNIBUC_RE_lab_7_task_1

UNIBUC_RE_lab_6_task_4

UNIBUC_RE_lab_6_task_3

UNIBUC_RE_lab_6_task_2

UNIBUC_RE_lab_6_task_1

UNIBUC_RE_lab_5_task_4

UNIBUC_RE_lab_5_task_3

UNIBUC_RE_lab_5_task_2

UNIBUC_RE_lab_5_task_1

UNIBUC_RE_lab_2

UNIBUC_RE_lab_1_task01_windows

UNIBUC_RE_lab_1_task01_linux

MAPLECTF_22_flag_hoarding

MAPLECTF_22_disukoodo

warmup SHELLCTF 22

turbocrab

tea SHELLCTF 22

snakecode htb ctf ca 2022 python disassemble lambda pyc

simplewaf

server challenge aresx

secret document SHELLCTF 22

safepy

pulling the strings SHELLCTF22

keygen

indefinite reverse Ca 2022

how to defeat a dragon SHELLCTF 22

heysurfer's first crackme

heaven SHELLCTF 22

Without a Trace Reverse

Wide CA 2022 Reverse

Teleport Reverse Writeup CA 2022

Shuffle Me Reverse

Rebuilding Reverse

Rebasing an image

PopaCracker's Python CrackMe

Nuts and Bolts Reverse

Microsoft corctf2022

It's A Wrap Hack a Sat 3 2022

Intergalactic Recovery CA 2022 HTB CTF Forensics RAID 5 recovery

Ida python change data type script

HTB CA 2022 CTF seized forensics google chrome password extraction APPDATA masterkey john the ripper

Golden Persistence CA 2022 HTB CTF Registry Powershell

Front Door Crowdstrike Adversary Quest Writeup

Free Services Forensics

Freaky Forum Interception Reverse

Posts