Link: https://wargame.whitehat.vn/Challenges/DetailContest/143
Points: 100
Category: RE

Description

http://material.wargame.whitehat.vn/contests/11/digital_fortrees.exe
flag = SHA1(FirstRoom:SecondRoom:ThridRoom)

tl;dr

Simple python program packed with py2exe. After recovering python code back from it, turns out all you need to do is factorize 28-digit number made of 3 primes.

Solution

The task authors provided us with an .exe file. After running it in a Windows VM we see the following output:

It looks like the input is correctly validated, I couldn’t get anything interesting by typing in random stuff. However, once we choose one of the options the application crashes with a very interesting stack trace:

Huh, so it’s python? That makes the whole problem so much easier. All I needed to do was run unpy2exe to extract digital_fortrees.py.pyc out of it. Now we can run uncompyle2 to get back the python code. Turns out all it does is print the ascii art and ask for user’s choice. Once it gets a valid choice it downloads and executes an appropriate python script. The references for follow up scripts are clearly visible in source code, so I just downloaded the 2 follow up scripts.

drawmap.py runs in endless loop, finds prime numbers and for each number creates a directory named with the number. Doesn’t sound particularly useful. Let’s check out letgo.py.

Ok, this is pretty simple. All we need to do is factorize the number in line 9. I’m lazy, so I just used Wolfram Alpha to do this. As expected the number factorizes into 3 primes, that make up the flag.

Tagged with:

Leave a Reply

Your email address will not be published. Required fields are marked *

*