Wednesday, May 29, 2013

Padocon Qualifiers CTF 2010 : CatchMe - 200 Points

Padocon Qualifiers CTF 2010 : CatchMe - 200 Points

File given to us:
This is the original file:

Recommended Tools:
Brains and Programming skills

Solving the Puzzle:
Let's fire up the binary which we are given.

Hmmmm...i can't seem to click on the button. I guess i have to click on the button in order to solve this.
As the button moved away whenever i placed my mouse cursor near it.
I guess i have to either reverse the application but i didn't want to spend too much time trying to reverse this application.

Thus, I've decided to make use of my development skills to solve this puzzle.

Logic behind this Solution:
Since moving my mouse cursor near the button will cause it to move away.

I've decided to send WM_LBUTTONDOWN ( & WM_LBUTTONUP ( messages with SendMessage function ( to simulate the mouse cursor actions of clicking the button.

But in order to do that i need get the handle to CatchMeIfYouCan.exe.

So i've used FindWindow function ( to look for "Catch Me If You Can!"
Then i get the area of the binary using GetClientRect function (

Brute-Force Logic:
int main(int argc, char *argv[]){
    HWND hWnd;
    RECT rect1;
    hWnd = FindWindow(NULL,L"Catch Me If You Can!");
    GetClientRect(hWnd, &rect1);
    for( rect1.left = 0; rect1.left <= rect1.right ; rect1.left++ ){
        for( = 0; <= rect1.bottom ; ){
            SendMessage(hWnd, WM_LBUTTONDOWN, 0, MAKELONG(rect1.left,;
            SendMessage(hWnd, WM_LBUTTONUP, 0, MAKELONG(rect1.left,;

Final Solution:
Once you have compiled the above code and get it to run. The button will stop moving and you can click on the button and you will be presented with a messagebox with the solution, "Zntus_WARTG_gAng"

I have attached the source code for the brute-force application so that you can try it on your own.



No comments:

Post a Comment