File Descriptor Using the ls -la you'll notice that the suid bit is set for fd executable. Checking the code: #include <stdio.h> #include <stdlib.h> #include <string.h> char buf[32]; int main(int argc, char* argv[], char* envp[]){ if(argc<2){ printf("pass argv[1] a number\n"); return 0; } int fd = atoi( argv[1] ) - 0x1234; int len = 0; len = read(fd, buf, 32); if(!strcmp("LETMEWIN\n", buf)){ printf("good job :)\n"); system("/bin/cat flag"); exit(0); } printf("learn about Linux file IO\n"); return 0; } Two important function calls inside the code are atio() which initializes the fd. ...

The hidden function This binary politely greets you when you run it, no useful string with rabin2. Running it with r2 you'll see a very simple entry0 followed by a main, yet the binary is healthy, no hlt or bad jump whatsoever. Trying afl , gave an interesting list of functions, two of which was entry1.init and entry2.fini. Seeking to them and there was a jump just before a function epilogue. ...

The "Interesting" input This binary asked for some input to generate the flag. A sym.check function shines in main: This function has 3 important parts: A check for length of the password which should be at least 0x13 or 19 characters, as shown in the figure with number 1. First four letters, indicated by 2 in the figure, implying a password starting with aqua. A for loop indicated by 3 in the figure, which is almost the most challenging (still trivial) part. ...

Unfortunately I had to remove HTB writeups because of its terms of service. HackTheBox forum is the best place to get some hint on the challenges.

A crypto-reversing challenge Summary: Gocha was a crypto-reversing challenge for 100 points. We were given the following code in python 3. This code is for an online lottery system which asks provides the user with 3 choices of seemingly random numbers, one of which is the winner key and the other two is losing keys. So the probability of winning is 33.3%. However, the user has to win 90% of times for playing at least 30 times. ...