PicoCTF: Crack ‘GDB Test Drive’ Challenge In Practice

June 8, 2023
in Reverse Engineering

This article is a quickstart guide to GDB, a crucial tool for reverse engineering. We will work through a puzzle from PicoCTF, the ‘GDB Test Drive’ challenge.
We are not just solving it, though: along the way we learn the basics of GDB and see how it supports dynamic analysis in reverse engineering. To help you out, a GDB cheatsheet is included.
This guide is for everyone, beginners and experts alike. So, let’s dive in and discover the power of GDB!

Table of Contents

  • What is GDB?
  • GDB Cheatsheet
  • Set Up the Environment for the picoCTF GDB Test Drive.
  • Get Your Hands Dirty on PicoCTF: GDB In Practice
  • Conclusion

What is GDB?

The GNU Debugger (GDB) is a powerful open-source debugger that’s widely used in the software development and cybersecurity fields. It allows you to dissect a program while it’s running, providing invaluable insights into its behaviour, performance, and potential flaws. This ability to dynamically analyze a running program makes GDB a critical tool in areas like malware analysis and reverse engineering.

In the realm of malware analysis, GDB’s dynamic analysis capabilities come to the fore. Malware analysis involves dissecting, understanding, and evaluating the functionality, origins, and potential impact of a malware sample. This process often requires delving into the world of reverse engineering to unravel the inner workings of a malware sample and develop effective strategies to combat it. Using GDB lets you observe how the malware operates in real time, thus gaining valuable insights into its mechanisms and devising tailored countermeasures to protect your systems.

On the other hand, reverse engineering, a process that involves disassembling software to reveal its underlying architecture and functionality, has become an invaluable tool in understanding and analyzing complex systems. GDB plays a significant role in this process, mainly when focusing on the x86_64 architecture, the most common in modern computing. GDB allows you to step through the assembly code, examine registers, observe stack changes, and much more, all of which are essential in gaining a thorough understanding of the software’s functionality and structure​​.

By the end of this article, not only will you have solved the GDB Test Drive in PicoCTF, but you’ll have a clearer understanding of GDB’s functionalities and its uses in reverse engineering and malware analysis, enriching your cybersecurity knowledge and capabilities.

GDB Cheatsheet

Here is just an overview of the main functionalities of GDB.

  1. Starting and Stopping GDB
  • gdb: Start GDB without a file.
  • gdb filename: Start GDB with a file.
  • quit: Quit GDB.
  2. Running the Program
  • run: Run the program.
  • run arguments: Run the program with arguments.
  3. Setting Breakpoints
  • break location: Set a breakpoint at a location.
  • info breakpoints: List all breakpoints.
  4. Stepping Through the Program
  • next: Run the program until the following line, stepping over function calls.
  • step: Step into function calls.
  5. Inspecting Variables
  • print variable: Print the value of a variable.
  • display variable: Continually display the value of a variable.
  6. Inspecting Source Code
  • list: List the source code.
  • list function: List the source code of a function.
  • list line: List the source code around a specific line.
  7. Inspecting Assembly Code
  • disassemble function: Disassemble the code of a function.
  • disassemble/r function: Disassemble the code of a function with raw opcodes.
  8. Inspecting Registers
  • info registers: Display all register values.
  • print/d $register: Print the value of a specific register in decimal.
  • print/x $register: Print the value of a specific register in hexadecimal.
  9. Inspecting the Stack
  • info stack: Display information about the stack.
  • x/10wx $sp: Show the top 10 words on the stack.

Set Up the Environment for the picoCTF GDB Test Drive.

Let’s go to PicoCTF and log in (or register), and use Kali Linux for this reverse engineering task. Although REMnux is a go-to for many, we’re keeping things simple with Kali.

First, we need to set up GDB. Here’s the command to install it: sudo apt install gdb.

Next, we’re heading to PicoCTF.
We’re taking on the GDB Test Drive challenge, which you can find in the Reverse Engineering category of picoCTF, among the first challenges. At the time of writing, it’s at this address.

Once you click on its card, you should see a screen with the link to the binary, and clicking that link opens the following modal:

picoctf challenge GDB Test Drive description

After you’ve downloaded the challenge files, find the “gdbme” file in your target folder. Let’s determine its type. Open a terminal in the same directory as your file and type: file gdbme.

That’s it! The result will reveal the file type.

gdbme: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=15cc42b7d1ba7d200593c720e2d9fd2e757fccca, for GNU/Linux 3.2.0, not stripped

You’ll see it’s an ELF (Executable and Linkable Format) file, 64-bit. The description also indicates that it’s not stripped, so function names such as main are still available to GDB.

Get Your Hands Dirty on PicoCTF: GDB In Practice

This PicoCTF challenge is designed to walk you through using GDB step by step. All the steps are suggested in the description.

Let’s check if everything is working fine. Open a new terminal in the directory where you downloaded the file and type:

chmod +x gdbme

Before starting, try to execute it by typing:

./gdbme

It’s clear that the program is stuck, so we can proceed with debugging:

gdb gdbme

Firstly, we granted execution permissions to the file. Secondly, we run GDB and attach it to the ELF file. Here’s what you should see:

gdb run

Let’s inspect the assembly code now. As per the challenge description, type in your terminal:

layout asm

And here’s what you’ll observe:

gdb asm layout

However, I prefer the Intel syntax, so to change it you can use:

set disassembly-flavor intel
layout asm

Now, the assembly is displayed the way we prefer:

picoctf gdb asm intel

Note the sleep function. It takes a single unsigned int parameter which, according to the System V x86_64 calling convention, is passed in the edi register. In this case, it’s 0x186a0, or 100000 seconds in decimal.

We’ll set a breakpoint and run the program.

break *(main+99)
run
picoctf gdb break and jump

The program halts at the address <main+99>, just before the call to sleep. We can skip the sleep call by jumping to the next instruction with this command:

jump *(main+104)

And voila, we have the flag!

picoctf gdb challenge complete

The flag is: picoCTF{d3bugg3r_dr1v3_7776d758}

Head over to the picoCTF website, enter the flag, and complete the challenge!
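The steps above were done by reading offsets off the screen. As an added example (not part of the original post, and not the challenge's own code), the script below parses the text that GDB's disassemble command prints in Intel flavour, locates the call to sleep, derives the breakpoint and jump offsets, and recovers the edi argument. The disassembly sample is constructed, with addresses invented, so it runs offline; only the offsets mirror the walkthrough.

```python
import re

# Constructed sample of `disassemble main` output (Intel flavour, not stripped).
# Addresses are invented; the +94/+99/+104 offsets mirror the walkthrough.
SAMPLE_DISASM = """\
Dump of assembler code for function main:
   0x0000000000001209 <+0>:\tendbr64
   0x000000000000120d <+4>:\tpush   rbp
   0x000000000000120e <+5>:\tmov    rbp,rsp
   0x0000000000001267 <+94>:\tmov    edi,0x186a0
   0x000000000000126c <+99>:\tcall   0x10a0 <sleep@plt>
   0x0000000000001271 <+104>:\tlea    rax,[rip+0xd9c]
   0x0000000000001278 <+111>:\tmov    rdi,rax
   0x000000000000127b <+114>:\tcall   0x1090 <puts@plt>
End of assembler dump.
"""

# One instruction line: optional "=>" marker, address, <+offset>:, mnemonic, operands.
LINE_RE = re.compile(r"^\s*(?:=>)?\s*0x[0-9a-f]+\s+<\+(\d+)>:\s*(\S+)\s*(.*)$")


def parse_disasm(text):
    """Return a list of (offset, mnemonic, operands) tuples, in program order."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rows.append((int(m.group(1)), m.group(2), m.group(3).strip()))
    return rows


def find_call_skip(text, callee="sleep"):
    """Locate `call <callee>` and return (break_offset, jump_offset, edi_argument).

    break_offset is the call itself, jump_offset the instruction right after it,
    and edi_argument the last immediate moved into edi before the call (the
    first integer argument under the System V x86_64 calling convention)."""
    rows = parse_disasm(text)
    last_edi = None
    for i, (off, mnem, ops) in enumerate(rows):
        imm = re.match(r"edi,\s*(0x[0-9a-f]+|\d+)$", ops)
        if mnem == "mov" and imm:
            last_edi = int(imm.group(1), 0)
        if mnem == "call" and (f"<{callee}@" in ops or ops.endswith(f"<{callee}>")):
            if i + 1 >= len(rows):
                raise ValueError(f"{callee} is the last instruction; nothing to jump to")
            return off, rows[i + 1][0], last_edi
    raise ValueError(f"no call to {callee} found")


def gdb_commands(func, break_off, jump_off):
    """Build the GDB command sequence used in the walkthrough."""
    return [f"break *({func}+{break_off})", "run", f"jump *({func}+{jump_off})"]


if __name__ == "__main__":
    brk, jmp, secs = find_call_skip(SAMPLE_DISASM)
    print(f"sleep({secs}) at main+{brk}; resume at main+{jmp}")
    print("\n".join(gdb_commands("main", brk, jmp)))
```

Feeding it the real output of gdb -batch -ex 'set disassembly-flavor intel' -ex 'disassemble main' ./gdbme gives the same offsets the post reads off the layout asm view.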

Conclusion

I hope you enjoyed this walkthrough of the PicoCTF GDB Test Drive challenge using GDB. This practical exercise is a great way to understand the power of GDB in debugging and reverse engineering. Remember, practice makes perfect. So, don’t stop here: keep exploring, keep learning!

For more tutorials and guides, don’t forget to follow my blog and my social media profiles. Stay tuned for more exciting content on cybersecurity, programming, and more. Until next time, happy debugging!
