Open in app

Sign in

Write

Sign in

Compiled | TryHackMe Walkthrough

Nihir Zala
2 min readDec 16, 2023

--

Description:

Task 1 Welcome

Download the task file and get started. The binary can also be found in the AttackBox inside the /root/Rooms/Compiled/ directory.

Note: The binary will not execute if using the AttackBox. However, you can still solve the challenge.

Answer the questions below

What is the password?

I download the given file and try to run it.

└─$ ./Compiled.Compiled
Password: test
Try again!

It ask for password which is also what this room ask for. Thus, I put the file into Decompiler, in this case Ghidra. Here’s main function:

undefined8 main(void)
{
  int iVar1;
  char local_28 [32];
  
  fwrite("Password: ",1,10,stdout);
  __isoc99_scanf("DoYouEven%sCTF",local_28);
  iVar1 = strcmp(local_28,"__dso_handle");
  if ((-1 < iVar1) && (iVar1 = strcmp(local_28,"__dso_handle"), iVar1 < 1)) {
    printf("Try again!");
    return 0;
  }
  iVar1 = strcmp(local_28,"_init");
  if (iVar1 == 0) {
    printf("Correct!");
  }
  else {
    printf("Try again!");
  }
  return 0;
}

Let’s breakdown what this code does:

  • Ask for password, receive it in format “DoYouEven%sCTF”, then store in variable ‘local_28’
  • Compare the password string with “__dso_handle”, then store the result in ‘iVar1’
  • If password strings equal to “__dso_handle”, it will print “Try again!” and end the program
  • Compare the password string with “_init”, then store the result in ‘iVar1’
  • If password strings equal to “_init”, means the password is correct.

This means the correct password is a string which makes ‘local_28’ has value ‘_init’. Knowing this, the last problem is how the line ‘__isoc99_scanf(“DoYouEven%sCTF”,local_28);’ receive input. Let’s first see how it works. It captures everything between “DoYouEven” and the first occurrence of “CTF,” including any characters that are not whitespace.

ex.

  • Password: DoYouEven_CTF tttt
    input: _CTF
  • Password: DoYouEvenanytext
    input: anytext
  • Password: DoYouEven-CTF t
    input: -CTF

Therefore, the solution is quite simple in order to make local_28 equal to ‘_init’:

  • DoYouEven_init
└─$ ./Compiled.Compiled 
Password: DoYouEven_init
Correct!

You can follow me on social media:

Twitter, Linkedin, Instagram & Github.

Tryhackme
Tryhackme Walkthrough
Ctf
Ctf Writeup
Cybersecurity

--

--

Nihir Zala
Nihir Zala

Written by Nihir Zala

37 Followers
1 Following

Hi there, I'm Nihir Zala—a Laravel developer from Gujrat, India, with over 2.5 years of professional experience. I also learning Penetesting from THM and HTB.

No responses yet

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams