Monday, September 23, 2013

CSAW CTF 2013 :: CSAW Reversing 2013 1 (100 Points)

The goal of "CSAW Reversing 2013 1" is to obtain the flag from within the given binary, which can easily be done in just 3 steps.

Step 1: Open the executable in OllyDbg. You will notice that the executable references the IsDebuggerPresent function, which allows an application to determine whether or not it is being debugged so that it can modify its behaviour.


Step 2: If you do not already have it, download the IsDebuggerPresent plugin for OllyDbg and extract it to your OllyDbg plugins folder. Restart OllyDbg so that the plugin becomes available, re-open the executable, and apply the plugin's "ExtraHide" option to it.


Step 3: The flag to this challenge will be displayed once you run the executable (press F9 in OllyDbg).


Flag captured! 100 points in the bag by cheating!! Yay!!! :Þ
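The observation in Step 1 can also be made statically, before the binary is run or attached to a debugger. The following is an added example, not part of the original write-up: a small PE import-table parser that reports debugger-detection APIs a file imports. The `ANTI_DEBUG` watch list, the function names and the tiny image produced by `build_sample()` are assumptions constructed for the illustration.

```python
import struct

ANTI_DEBUG = {"IsDebuggerPresent", "CheckRemoteDebuggerPresent"}  # assumed, non-exhaustive

def cstr(data, off):
    return data[off:data.index(b"\0", off)].decode("ascii", "replace")

def imports(data):
    """Return {dll: [imported names]} from a PE32 / PE32+ import table."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec, optsize = (struct.unpack_from("<H", data, pe + o)[0] for o in (6, 20))
    opt, pe64 = pe + 24, struct.unpack_from("<H", data, pe + 24)[0] == 0x20B
    imp_rva = struct.unpack_from("<I", data, opt + (120 if pe64 else 104))[0]
    secs = [struct.unpack_from("<4I", data, opt + optsize + 40 * i + 8) for i in range(nsec)]
    def off(rva):  # RVA -> file offset via the section table
        for vsize, va, rsize, raw in secs:
            if va <= rva < va + max(vsize, rsize):
                return raw + rva - va
        raise ValueError("RVA outside every section")
    found, d = {}, off(imp_rva) if imp_rva else None
    size, fmt, ordinal = (8, "<Q", 1 << 63) if pe64 else (4, "<I", 1 << 31)
    while d is not None and any(desc := struct.unpack_from("<5I", data, d)):
        oft, _, _, name, ft = desc  # an all-zero descriptor ends the table
        thunk, names = off(oft or ft), []
        while (t := struct.unpack_from(fmt, data, thunk)[0]):
            names.append(f"ordinal#{t & 0xFFFF}" if t & ordinal
                         else cstr(data, off(t & 0x7FFFFFFF) + 2))  # skip 2-byte hint
            thunk += size
        found.setdefault(cstr(data, off(name)), []).extend(names)
        d += 20
    return found

def anti_debug_imports(data):
    """Sorted (dll, api) pairs from the import table that are on the watch list."""
    return sorted((dll, n) for dll, ns in imports(data).items() for n in ns if n in ANTI_DEBUG)

def build_sample():
    """Constructed minimal PE32 image importing KERNEL32.dll!IsDebuggerPresent."""
    img = bytearray(0x400)
    for fmt, at, *vals in [
        ("<2s", 0, b"MZ"), ("<I", 0x3C, 0x40), ("<4s", 0x40, b"PE"), ("<HH", 0x44, 0x14C, 1),
        ("<H", 0x54, 0xE0), ("<H", 0x58, 0x10B), ("<II", 0xC0, 0x1000, 40),  # PE32, import dir
        ("<8s4I", 0x138, b".idata", 0x200, 0x1000, 0x200, 0x200),           # section header
        ("<5I", 0x200, 0x1028, 0, 0, 0x1060, 0x1028), ("<I", 0x228, 0x1040),  # descriptor, thunk
        ("<17s", 0x242, b"IsDebuggerPresent"), ("<12s", 0x260, b"KERNEL32.dll")]:
        struct.pack_into(fmt, img, at, *vals)
    return bytes(img)
```

Calling `anti_debug_imports(open(path, "rb").read())` on a real file reports only statically imported APIs; functions resolved at run time do not appear in the import table.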

Cheers,
Braeburn Ladny
