Codsmp.zip ✦ Top

$ file payload_decrypted.bin payload_decrypted.bin: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, stripped Great – we have a Linux ELF binary now. Let’s run strings and objdump on it.

# Grab any flag inside the inner archive for f in inner_dir.rglob('*'): if f.is_file(): data = f.read_bytes() flag = extract_flag(data) if flag: print(f'[inner] Flag in f.relative_to(work): flag') codsmp.zip

# Extract inner.zip inner_dir = work/'inner' inner_dir.mkdir(exist_ok=True) subprocess.run(['unzip', '-q', str(inner_zip), '-d', str(inner_dir)], check=True) $ file payload_decrypted

def main(zip_path='codsmp.zip'): work = Path('work') work.mkdir(exist_ok=True) # ----------------------------------------------------------------- # 1. Unzip the original archive subprocess.run(['unzip', '-q', zip_path, '-d', str(work)], check=True) Unzip the original archive subprocess

0x00001152 <.rodata>: 1152: 46 4c 41 47 7b 43 4f .byte 0x46,0x4c,0x41,0x47,0x7b,0x43,0x4f 1159: 44 53 4d 50 2d 33 37 .byte 0x44,0x53,0x4d,0x50,0x2d,0x33,0x37 1160: 31 34 38 30 7d 00 00 .byte 0x31,0x34,0x38,0x30,0x7d,0x00,0x00 The string at 0x1152 is: