Monstrosity

Challenge:

We found this program written by mirveal. He used it to hide a password in the form of a flag. See if you can find the flag in the program.

Submit the flag as flag{flag_text}.

Solution:

The provided file was an ELF binary:

$ file ./monstrosity 
./monstrosity: ELF 64-bit LSB executable, x86-64, version 1 (GNU/Linux), statically linked, no section header

When run, the program would print out some ASCII art, wait for user input and print Incorrect

$ ./monstrosity 

    __  ___                 __                  _ __       
   /  |/  /___  ____  _____/ /__________  _____(_) /___  __
  / /|_/ / __ \/ __ \/ ___/ __/ ___/ __ \/ ___/ / __/ / / /
 / /  / / /_/ / / / (__  ) /_/ /  / /_/ (__  ) / /_/ /_/ / 
/_/  /_/\____/_/ /_/____/\__/_/   \____/____/_/\__/\__, /  
                                                  /____/   

A dreaded beast that slumbers in its secret lair, remaining in a dormant state for centuries.
>  pingtrip

Incorrect.

After some quick buffer-overflow testing we discovered that sending more than 78 characters would produce the flag:

$ ./monstrosity 
...
A dreaded beast that slumbers in its secret lair, remaining in a dormant state for centuries.
>  AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

Incorrect.
flag{TaRrAsqUE_m0nstros1tY}

The accepted flag was: flag{TaRrAsqUE_m0nstros1tY}

Author(s):

Category:

Points:

File(s):

Hint(s):

Monstrosity

Challenge:

Solution:

Leave a comment