LINK:https://www.root-me.org/en/Challenges/Cryptanalysis/ELF64-PID-encryption
SourceCode:(Linux隐藏进程的源代码)
/*
* gcc ch21.c -lcrypt -o ch21
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <crypt.h>
#include <sys/types.h>
#include <unistd.h>
int main (int argc, char *argv[]) {
char pid[16];
char *args[] = { "/bin/bash", "-p", 0 };
snprintf(pid, sizeof(pid), "%i", getpid());
if (argc != 2)
return 0;
printf("%s=%s",argv[1], crypt(pid, "$1$awesome"));
if (strcmp(argv[1], crypt(pid, "$1$awesome")) == 0) {
printf("WIN!\n");
execve(args[0], &args[0], NULL);
} else {
printf("Fail... :/\n");
}
return 0;
}
Decrypt SourceCode:
/*Once we know the PID it is easy to know what to do next*/
/*You have to cd /tmp and vim break.c */
/*Paste the code below into it */
/* cryptanalyse-ch21@challenge01:~$ pwd
* /challenge/cryptanalyse/ch21 */
#include <crypt.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <stdlib.h>
int main()
{
char pid[16];
snprintf(pid, sizeof(pid), "%i", getpid());
execl("/challenge/cryptanalyse/ch21/ch21", "ch21", crypt(pid, "$1$awesome"), NULL);
}
/*
* ** gcc break.c -o solution -lcrypt
* ** We know that pid is ch21.c
* ** run ./solution
* ** -/q2/a9d6e31D
* */