Cr4ckm3 Game #Level 0

Cr4ckm3 Game by disconnect3d

Let the game begin! ;)

First of all, it’s a Linux crack me CTF challenge. I didn’t test on Windows actually and that’s why I have no idea if it’s gonna work. For the sake of conscience go to a Linux environment, Okay?

So, let’s see…

Step One

Go to https://github.com/disconnect3d/crackme and download this repository.

Rules

  • Do not look into makefile or source files
  • Do not change chmods

How to Play

Open your terminal, go to the downloaded directory and run the make command to build them all. Now you can run ./crackme/warmup which is the first challenge, level 0.

After crack each level you’ll get a password such as a flag which is the next level file name.

Cracking #Level 0 !

  • Hint: use strace / strings

Running the (warmup) code

1
$ ./crackme/warmup
  • Code output:

    cr4ckm3 level 0. enjoy
    Sending secret message to void…
    Secret message has been sent.

Hmmm… Okay! What about follow the hints, hm?

1
$ strace ./crackme/warmup

Command Output:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
execve("./crackme/warmup", ["./crackme/warmup"], [/* 84 vars */]) = 0
brk(NULL) = 0x1dcc000
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8708624000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=130992, ...}) = 0
mmap(NULL, 130992, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f8708604000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\t\2\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1864888, ...}) = 0
mmap(NULL, 3967392, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f8708038000
mprotect(0x7f87081f7000, 2097152, PROT_NONE) = 0
mmap(0x7f87083f7000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1bf000) = 0x7f87083f7000
mmap(0x7f87083fd000, 14752, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f87083fd000
close(3) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8708603000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8708602000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8708601000
arch_prctl(ARCH_SET_FS, 0x7f8708602700) = 0
mprotect(0x7f87083f7000, 16384, PROT_READ) = 0
mprotect(0x600000, 4096, PROT_READ) = 0
mprotect(0x7f8708626000, 4096, PROT_READ) = 0
munmap(0x7f8708604000, 130992) = 0
fstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 16), ...}) = 0
brk(NULL) = 0x1dcc000
brk(0x1ded000) = 0x1ded000
write(1, "cr4ckm3 level 0. enjoy\n", 23cr4ckm3 level 0. enjoy
) = 23
write(1, "Sending secret message to void.."..., 34Sending secret message to void...
) = 34
open("/dev/null", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 3
fstat(3, {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 3), ...}) = 0
ioctl(3, TCGETS, 0x7ffedcf20040) = -1 ENOTTY (Inappropriate ioctl for device)
write(3, "password: filterme\n", 19) = 19
close(3) = 0
write(1, "Secret message has been sent.\n", 30Secret message has been sent.
) = 30
exit_group(0) = ?
+++ exited with 0 +++

C’mon! Easy peasy lemon squeezy!

Now you can go to the level 1

How?

1
$ ./crackme/<password you've found>

See you next level! :D