LootStash Writeup - Cyber Apocalypse 2024
→ 1 Introduction
This writeup covers the LootStash Reversing challenge from the Hack The Box Cyber Apocalypse 2024 CTF, which was rated as having a ‘very easy’ difficulty. The challenge involved searching for plaintext strings in an x86-64 binary.
The description of the challenge is shown below.
→ 2 Key Techniques
The key techniques employed in this writeup are:
-
Using the
strings
command to search for strings in a binary
→ 3 Artifacts Summary
The downloaded artifact had the following hash:
$ shasum -a256 rev_lootstash.zip
17b0c167a30a51247ff901be455cd5491d58e276981707bb17231177922f7d3d rev_lootstash.zip
The zip file contained a single file, stash
:
$ unzip rev_lootstash.zip
Archive: rev_lootstash.zip
creating: rev_lootstash/
inflating: rev_lootstash/stash
$ shasum -a256 rev_lootstash/*
2de89e7ea8347d190dbd9314f8a8f5680678abe03e520a530ecd87c29fb99c72 rev_lootstash/stash
→ 4 Static Analysis
→ 4.1 Basic file identification
The file
command was used to identify the binary. For
the purposes of the challenge, the key properties identified were:
- ELF: The binary is in ELF format, commonly used on Linux systems.
- x86-64: The binary is compiled for x86-64 bit machines.
$ file stash
stash: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=817b1311ae44bdc6ed8a9b563159616844e59c64, for GNU/Linux 3.2.0, not stripped
→ 4.2 Obtaining the flag
The flag was trivially found by extracting strings from the binary
using the strings
1 command, then using
grep
to filter the results for “HTB”.
$ strings stash|grep HTB
HTB{n33dl3_1n_a_l00t_stack}
→ 5 Conclusion
The flag was submitted and the challenge was marked as pwned