forbytten blogs

LootStash Writeup - Cyber Apocalypse 2024

Last update:

1 Introduction

This writeup covers the LootStash Reversing challenge from the Hack The Box Cyber Apocalypse 2024 CTF, which was rated as having a ‘very easy’ difficulty. The challenge involved searching for plaintext strings in an x86-64 binary.

The description of the challenge is shown below.

LootStash challenge description

2 Key Techniques

The key techniques employed in this writeup are:

3 Artifacts Summary

The downloaded artifact had the following hash:

$ shasum -a256 rev_lootstash.zip
17b0c167a30a51247ff901be455cd5491d58e276981707bb17231177922f7d3d  rev_lootstash.zip

The zip file contained a single file, stash:

$ unzip rev_lootstash.zip
Archive:  rev_lootstash.zip
   creating: rev_lootstash/
  inflating: rev_lootstash/stash

$ shasum -a256 rev_lootstash/*
2de89e7ea8347d190dbd9314f8a8f5680678abe03e520a530ecd87c29fb99c72  rev_lootstash/stash

4 Static Analysis

4.1 Basic file identification

The file command was used to identify the binary. For the purposes of the challenge, the key properties identified were:

$ file stash
stash: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=817b1311ae44bdc6ed8a9b563159616844e59c64, for GNU/Linux 3.2.0, not stripped

4.2 Obtaining the flag

The flag was trivially found by extracting strings from the binary using the strings1 command, then using grep to filter the results for “HTB”.

$ strings stash|grep HTB
HTB{n33dl3_1n_a_l00t_stack}

5 Conclusion

The flag was submitted and the challenge was marked as pwned

Submission of the flag marked the challenge as pwned