Cyber Edu - forest

Originaly made by my teammate Andrei

This challenge’s description is:

You're walking through a forest at night... can you escape it? The flag is the answer to the three questions.

We recive a binary file called forest.

alt text

Decompiling the binary in IDA, we see nothing interesting in main

alt text

When we see nothing interesting in main, we have to start somwhere we know. Knowing that when we run the binary we get some strings, we can leverage that into searching for them in IDA.

In IDA: we go to view > open subviews > strings and search for the question: Do you go there?

alt text

Double clicking the resulting string will pop us at the memory address that has the string that we searched for.

alt text

We can see that the string ‘Do you go there?’ is stored inside unk_3F0A9. By going to XREF we can see where is this string used in the binary.

alt text

By double clicking the highlighted text we will jump to the point where our string is referenced.

alt text

We see that the place that the string is referenced to is referenced as well, so we will double click again the XREF.

alt text

Great! We found the place where the string is used and commented the line with it so that we’ll know where it is. Now we will search for the string ‘You waited too long and someone…’

alt text

We found the second string as well. Now we see that it sits inside a condition. We see in the condition ptr != 1701999987.

Converting the number into characters we get: ‘erus’ which reversed is ‘sure’. This looks like a potential answer. Let’s try it.

alt text

Awesome! We found the answer to the first question, and got a answer. We will search for the second question and so on until we find every answer.

alt text

answers

sure
okay
help!
#CTF Write-ups

Read Next

Hack The Box - Forks and Knives

Write-up for the Forks and Knives challenge.

TryHackMe - pwn101

Write-up for the last challenge in the pwn101 room.