xtu-ctf Challenges-Reverse 1、2

I have always been interested in network security , But the technology is still unable to get started , Thinking that winter vacation may enable me to officially enter the learning road of network security , The senior said that the tutorial is secondary after all , Brushing questions is fundamental , Now I send you two reverse A simple solution to the problem , My little white level , At present, it is still in the exploratory stage , I hope you guys spray gently

1.FIRST
Title address ：http://172.22.114.206:8000/challenges#First

The title has attachments , After downloading, the file name is First.exe
In the PEID Check whether there is a shell , Check no shell , Ready to put directly ida, Start to reverse

open 32 Bit ida, Select the default loading method

good , Officially come to the program execution interface

Direct routine operation , Find string

Suspicious string found , Double click to the program address where the string is located

Double click the arrow again , A program execution flowchart appears , There is no need to study , direct f5 Disassembly

Take a look at the end of the program , There is one strcmp function , Obviously , When two strings are output at the same time congratulations, Then we just need to know what this string is
Inspection procedure , And write a similar program , Make it right str1 Strings do the opposite , You can get str2
Start writing

Run it , Get the results

This is it. flag 了

2.SECOND
Title address ：http://172.22.114.206:8000/challenges#Second
The biggest difficulty of this problem is to shell …
Also download the source file , Put in PEID Check the shell

It can be seen that there is a shell , however upx Shell is a relatively simple shell , There are some tools on the Internet that can be shelled directly （ At first I thought od Bypassing the shell , But the technology is not good , I have to find tools ）
UPXtools

here , It's like this , Drag the files to be shelled in , Click decompress and then click start , Will generate a shelled file
PEID Check again , See if the shelling is successful

Good success , Put it in as usual ida Check

The same is true for the general operation of querying strings , As expected, I found congratulations

Find the same congratulations Part of the program ,f5 After anti compilation, pseudo c as follows ：

It doesn't matter if the front doesn't show , It does not affect the reader's understanding of the meaning of the latter part of the program , Compare two strings , If it is identical, output congratulations

therefore , Also write a c Just run the program ：

Run it ,flag And then there is

These two questions are not difficult , The main thing is to have the corresponding tools and master the method of using the tools , Solve the problem and get caught .