Santa doesn't have a lot of room left in his sleigh. Help him fit one more item
Solution
Decompile the given file using IDA.
v10 = __readfsqword(0x28u);
read(0, buf, 0x78uLL);
v8 = 0x10102464C457FLL;
for ( i = 0; i <= 7; ++i )
{
if ( buf[i - 8] != buf[i] )
{
write(1, "Not an ELF file\n", 0x10uLL);
exit(1);
}
}
fd = memfd_create("program", 0LL);
if ( fd == -1 )
{
write(1, "Failed to create memfd\n", 0x17uLL);
exit(1);
}
write(fd, buf, 0x78uLL);
argva = 0LL;
envpa = 0LL;
if ( fexecve(fd, &argva, &envpa) == -1 )
{
write(1, "Failed to execute\n", 0x12uLL);
exit(1);
}
return 0;
The program above validate the header of the file is ELF or not, if ELF it will be written to memory wit only size 120 then it will be executed. So in this challenge we need to send ELF file which has maximum length 120 bytes to get the flag. During the competition my teammates (hanasuru) found this reference. From that reference we can see that the size for 32bit is smaller than 64bit. So i choose 32bit, but when i send the ELF it shown "Not an ELF file" because of the header was invalid. So changing the header from 0x7F, "ELF", 1, 1, 1, 0 to 0x7F, "ELF", 2, 1, 1, 0 will fix this (based on the given executable). After that just search shellcode that spawn shell then compile it using nasm.